How we ship code faster and safer with feature flags
At GitHub, we're continually working to improve existing features and shipping new ones all the time. From our launch of GitHub Discussions to the release of manual approvals for GitHub…
GitHub Blog Search
Search Results for: organization
GitHub Actions: Control permissions for GITHUB_TOKEN
GitHub Actions: Control permissions for GITHUB_TOKEN
Implementing least privilege for secrets in GitHub Actions
GitHub Actions provide a powerful, extensible way to automate software development workflows. When access to outside resources is required, GitHub provides the ability to store encrypted secrets used by GitHub…
Audit Log Git events and REST API are generally available
Audit Log Git events and REST API are generally available
Announcing the Global Maintainer Summit
If you’re an open source maintainer, you know that keeping the wheels of the open source ecosystem turning is quite a task. Project maintenance is uniquely challenging and rewarding work.…
GitHub Advanced Security: Introducing security overview beta and general availability of secret scanning for private repositories
GitHub Advanced Security helps you create secure applications with a community-driven, developer-first approach. Today, we are excited to announce two updates: Beta of the new security overview for organizations and…
Packages: internal visibility now available for Container registry
Packages: internal visibility now available for Container registry
Solving the innersource discovery problem
Imagine you’re in an organization with over 2,000 repositories across several different product lines. It can be daunting task to find the right project.
Open innovation will be the winning strategy for digital sovereignty and human progress in the new decade
This article originally appeared in The New Stack, and is republished here with permission. Digital sovereignty has become a rallying cry across the globe. In 2021, open innovation will, counterintuitively,…
How we found and fixed a rare race condition in our session handling
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
Dependabot ❤️s private dependencies
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…
Scripting with GitHub CLI
It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for…
How MLOps can drive governance for machine learning: A conversation with Algorithmia
This post features a guest interview with Diego M. Oppenheimer, CEO at Algorithmia Over the past few years, machine learning has grown in adoption within the enterprise. More organizations are…
Advanced Security committer reporting and roll-out improvements
Advanced Security committer reporting and roll-out improvements
Measuring enterprise developer productivity
In a recent paper written by Nicole Forsgren and her colleagues, “The SPACE of developer productivity: There’s more to it than you think,” there is an irony that is hard…
GitHub security update: A bug related to handling of authenticated sessions
Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out…
Enterprise Domain Verification for GitHub Enterprise Cloud is generally available
Enterprise Domain Verification for GitHub Enterprise Cloud is generally available
This week at GitHub InFocus: Code security and DevSecOps
Two weeks ago, we kicked off GitHub InFocus, a global virtual series just for software teams. Last week, we learned what powers a successful DevOps program. Next up: Security. We…