Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…
When you share the responsibility for security with developers, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.
GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.
GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…
Today GitHub Actions shipped a series of features designed to improve your workflows when working with PRs from repository forks. New settings for private repository forks: Many GitHub customers choose…
GitHub Actions gives you the power to automate your workflow. Connect with the tools you know and love. Have more freedom to innovate and be creative. Deploy to any cloud,…
As previously announced, beginning November 13th, 2020, we will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., a…
GitHub Enterprise accounts on github.com now enjoy higher hourly API rate limits for both GitHub Apps and OAuth Apps. OAuth Apps were increased to 15,000 API calls per hour from…
Last week, the Court of Justice of the European Union (CJEU) ruled the EU-US Privacy Shield, a mechanism governing personal data transfers from the EU to the US, is invalid due to concerns…
GitHub stores your source code, releases, and a vast amount of invaluable information in issues and pull requests. While GitHub Enterprise Server (GHES), our self-hosted solution, provides great security by default, administrators can take additional steps to further harden their appliance. This post will guide you through the most important settings.
GitHub dependency insights helps both developers and security teams manage their open source security with confidence—automatically compiling relevant CVE information, aiding in OSS license compliance, and helping them better understand their OSS dependency versions.
What is the Availability Report? Historically, GitHub has published post-incident reviews for major incidents that impact service availability. Whether we're sharing new investments to infrastructure or detailing site downtimes, our…
Authentication is a critical component to your daily development. When working in open source, you need to prove that you have rights to update a branch with git push. Additionally…
Read this article in Portuguese. We know how important learning is to your success in using GitHub. When you are using our products, we hope you feel…