GitHub Blog Search
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.
Chief Tools is now a GitHub secret scanning partner
Explore how GitHub Enterprise can help you transform your software engineering organization and practices.
CodeQL code scanning now supports customizing build configurations for Go analysis
The GitHub Enterprise Server 3.7 Release Candidate is available
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
Secret scanning enterprise-level enablement events now in the audit log
Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode.
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens.
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.
New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process.
Reverted recent change that caused some pull requests to be incorrectly marked as merged
Stay connected and up to date on your work with GitHub Projects on GitHub Mobile, now in public beta.
On the go with GitHub Projects on GitHub Mobile (public beta)
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
In September, we experienced one incident that resulted in degraded performance across GitHub services. We also experienced one incident resulting in significant impact to Codespaces. We are still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in August and an incident that impacted Actions in August.
Secret scanning alerts now have a timeline and users can add a comment when resolving
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.
CodeQL for VS Code: download CodeQL databases from GitHub.com