GitHub Blog Search
We recently shipped support for the origin-bound draft standard for security codes delivered via SMS. This standard ensures security codes are entered in a phishing-resistant manner. It accomplishes this by binding an SMS with…
GitHub Actions gives you the power to automate your workflow. Connect with the tools you know and love. Have more freedom to innovate and be creative. Deploy to any cloud,…
At GitHub, we spend a lot of time thinking about and building secure products—and one key facet of that is threat modeling. This practice involves bringing security and engineering teams…
Learn about patterns for configuring and maintaining GitHub Actions self-hosted runners on Google Cloud.
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production. Prior to making the move into security, he was a developer for 25 years and strongly believes that you can’t build secure web applications without knowing how to attack them.
In this post, hear from @stevemar, a Senior Technical Staff Member at IBM, about a new GitHub Starter Workflow for developers deploying containerized applications to IBM Cloud Kubernetes Service. Here…
Protect your team’s code with secure software development best practices like setting up SAML/SCIM integrations, enforcing policies to avoid code leakage, and more.
GitHub stores your source code, releases, and a vast amount of invaluable information in issues and pull requests. While GitHub Enterprise Server (GHES), our self hosted solution, provides great security by default, administrators can take additional steps to further harden their appliance. This post will guide you through the most important settings.
From GitHub Actions and magic URLs to gists, check out Jason Etcovich’s top ten tips and tricks to help you hack your GitHub experience.
A phishing campaign targeting our customers lures GitHub users into providing their credentials (including two-factor authentication codes). Learn more about the threat and what you can do to protect yourself.
Learn about the legacy, architecture, and methods used to reduce 48k lines of code to 10 as we take a deep dive into GitHub’s Javascript SDK.
In-depth analysis of February service disruptions that impacted GitHub services.
Additional security features, a new internal visibility option, and more with the latest updates to GitHub Enterprise Server 2.20.
Manage secrets, make use of self-hosted runners, and more with the GitHub Actions API—now available in beta.
IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.
Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.
See what’s new for community and project management, developer productivity, and security in GitHub Enterprise Server 2.19.
Celebrate a GitHub Action's milestone with highlights of a few key actions and a technology partner's work.
Now you can sync groups across Azure Active Directory and GitHub teams with team synchronization for GitHub Enterprise Cloud.
