What’s new from GitHub Changelog? October 2021 recap
A public beta of the new GitHub Issues, a "security manager" role for organizations, a command palette beta, and lots more.
GitHub Blog Search
A public beta of the new GitHub Issues, a "security manager" role for organizations, a command palette beta, and lots more.
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here's what we've got planned!
GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.
In August, we experienced two distinct incidents resulting in significant impact and degraded state of availability for Git operations, API requests, webhooks, issues, pull requests, GitHub Pages, GitHub Packages, and GitHub Actions services.
We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.
GitHub Actions: Setup-java now supports dependency caching
We're excited to support researchers and academics on GitHub with enhanced citation support through `CITATION.cff` files.
A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.
GitHub’s supply chain security features are now available for Go modules, which will help the Go community discover, report, and prevent security vulnerabilities.
This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…
GitHub’s bug bounty program is now a mature component of how we improve product security. We're excited to highlight some achievements (and interesting vulnerabilities)!
In May, we experienced two incidents resulting in significant impact to multiple GitHub services.
GitHub Advisory Database now includes Go advisories
GitHub Artifact Exporter provides a CLI and a simple GUI for exporting GitHub Issues and related comments based on a date range, and it supports GitHub’s full search syntax.
GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…
In April, we experienced two incidents resulting in significant impact and degraded state of availability for API requests and the GitHub Packages service, specifically the GitHub Packages Container registry service.…