Search results for: Security

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Secret scanning alerts for third party API key detections now include a link to relevant documentation provided by the service provider, where available. These links are intended to help users…

GitHub Actions hosted runner images are now more secure than ever, with the ability to see exactly what software is pre-installed on the image that was used by the runner…

Previously, GitHub Advanced Security customers could enable push protection for all patterns supported by default. Now, admins can also enable push protection for any custom pattern defined at the repository…

Previously, only organizations with GitHub Advanced Security could enable secret scanning’s user experience on their repositories. Now, any admin of a public repository on GitHub.com can detect leaked secrets in…

GitHub now allows you to track any leaked secrets in your public repository, for free. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.

Enterprises with GitHub Advanced Security can now enable secret scanning and push protection on all their organizations using a single call to an enterprise-level REST API endpoint. You can also…

We’ve hardened our Dependabot support for private registries such that it will no longer make package requests to public registries if private registries are configured for the following ecosystems: Bundler…

Another new release of Git is here to end the year! Take a look at some of our highlights on what’s new in Git 2.39.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

GitHub Security was recently notified about a caching issue affecting npm. This bug had been present since 2016 and sporadically caused npm maintainers to be re-invited upon removal from packages…

GitHub Advanced Security customers using secret scanning can now view any new secrets exposed in an issue’s title, description, or comments within the UI or the REST API. This expanded…

In November, we experienced two incidents that resulted in degraded performance across GitHub services. This report also sheds light into an incident that impacted Codespaces in October.

Now you can create tokens with fine-grained permissions for automating your publishing and organization management workflows. And a new code explorer allows you to view content of a package directly in the npm portal.

Catch up on everything we announced and see what else happened during this year’s GitHub Universe conference that took place November 9-10.

AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals.

Administrators, or enterprise owners, have the increased responsibility of managing their account and keeping it secure. We are excited to introduce what is new with enterprise accounts and what is coming soon.

GitHub organizations can now use the code scanning organization-level API endpoint to retrieve code scanning alerts on public repositories; this no longer requires a GitHub Advanced Security license. This new…

GitHub’s audit log allows organization and enterprise admins to quickly review the actions performed by members of their organization or enterprise. For Dependabot alerts, the audit log includes actions such…

Starting today, GitHub code scanning includes beta support for analyzing code written in Kotlin, powered by the CodeQL engine. Kotlin is a key programming language used in the creation of…

Dependabot expands its existing Hex private registry support beyond Hex organizations by adding support for self-hosted Hex repositories. You can configure your self-hosted Hex package repository as a private registry…