GitHub Blog Search
Search Results for: GitHub Actions
Configure dependency review for vulnerability severity and license type
How we think about browsers
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
Today’s most common security vulnerabilities explained
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
Software security starts with the developer: Securing developer accounts with 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Git Credential Manager: authentication for everyone
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Secret scanning custom pattern events now in the audit log
Prevent the introduction of known vulnerabilities into your code
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
Our response to the war in Ukraine
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
CODEOWNERS improvements (syntax errors, preview of who will be requested, and more)
Code scanning finds more vulnerabilities using machine learning
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
Code scanning and Ruby: turning source code into a queryable database
A deep dive into how GitHub adds support for new languages to CodeQL.
Top-100 npm package maintainers now require 2FA, and additional security-focused improvements to npm
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
2021 Transparency Report
In GitHub's latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.
Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there's more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
How to define security requirements for your OSS project
Defining your security requirements is the most important proactive control you can implement for your project. Here's how.