GitHub Enterprise Server 3.3 is generally available
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
GitHub Blog Search
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
Today we're introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
GitHub Actions: Workflows triggered by Dependabot receive dependabot secrets
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows.
DRY your Actions configuration with reusable workflows (and more!)
The OpenID Connect (OIDC) support for secure cloud deployments with GitHub Actions is now generally available.You can configure your workflows to request short-lived access tokens that are automatically rotated for…
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab's @kevinbackhouse describes enrolling a project.
The latest release of the CodeQL CLI supports including markdown-rendered query help in SARIF files so that the help text can be viewed in the code scanning UI. This functionality…
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience.
A public beta of the new GitHub Issues, a "security manager" role for organizations, a command palette beta, and lots more.
Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account.
Debugging CodeQL code scanning made easier by retaining diagnostic artifacts in Actions
GitHub Enterprise Cloud self-service compliance reports for 2021 are now available
Deprecating non-audit-related advisory fetch endpoints for the npmjs.com registry API
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
CodeQL code scanning now recognizes more Java and JavaScript libraries and frameworks