
Getting started with GitHub Actions just got easier!
When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content.
When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content.
Getting started with GitHub Actions just got easier! Now, when you want to create an Actions workflow in the Actions tab of your repository, the workflow recommendations will be based…
Up until today, the GitHub Advisory Database has only published advisories that have been curated and approved by our Security Lab team. This approach meant users sometimes couldn’t find advisories…
Following our last update, we have a number of exciting updates and improvements being released today for the new projects experience. 🔗 Stay in sync with linked pull requests One…
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.
Code navigation is now available in PRs, and code navigation results for Python are now more precise.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans may prevent data leaks and any fraud associated with…
You can multiply the impact of your domain experts by building their common workflows into ChatOps.
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
Administrators can now allow specific users and teams to bypass pull request requirements. For context, this image shows how administrators can use branch protections to require pull requests for all…
In this post, I’ll use three bugs that I reported to Qualcomm in the NPU (neural processing unit) driver to gain arbitrary kernel code execution as root user and disable SELinux from the untrusted app sandbox in an Android phone.
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
The State of the Octoverse analyzes data from millions of developers & repos to share trends across working habits, productivity, and career satisfaction.
To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.