How we ship code faster and safer with feature flags
At GitHub, we're continually working to improve existing features and shipping new ones all the time. From our launch of GitHub Discussions to the release of manual approvals for GitHub…
GitHub Blog Search
At GitHub, we're continually working to improve existing features and shipping new ones all the time. From our launch of GitHub Discussions to the release of manual approvals for GitHub…
GitHub Actions: Control permissions for GITHUB_TOKEN
GitHub Actions provide a powerful, extensible way to automate software development workflows. When access to outside resources is required, GitHub provides the ability to store encrypted secrets used by GitHub…
Audit Log Git events and REST API are generally available
If you’re an open source maintainer, you know that keeping the wheels of the open source ecosystem turning is quite a task. Project maintenance is uniquely challenging and rewarding work.…
GitHub Advanced Security helps you create secure applications with a community-driven, developer-first approach. Today, we are excited to announce two updates: Beta of the new security overview for organizations and…
Packages: internal visibility now available for Container registry
Imagine you’re in an organization with over 2,000 repositories across several different product lines. It can be daunting task to find the right project.
This article originally appeared in The New Stack, and is republished here with permission. Digital sovereignty has become a rallying cry across the globe. In 2021, open innovation will, counterintuitively,…
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…
It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for…
This post features a guest interview with Diego M. Oppenheimer, CEO at Algorithmia Over the past few years, machine learning has grown in adoption within the enterprise. More organizations are…
Advanced Security committer reporting and roll-out improvements
In a recent paper written by Nicole Forsgren and her colleagues, “The SPACE of developer productivity: There’s more to it than you think,” there is an irony that is hard…
Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out…
Enterprise Domain Verification for GitHub Enterprise Cloud is generally available
Two weeks ago, we kicked off GitHub InFocus, a global virtual series just for software teams. Last week, we learned what powers a successful DevOps program. Next up: Security. We…