Search results for: Account

Using deferred compliance in GitHub’s CI process to improve developer productivity.

API Generally Available The GitHub Apps API for managing installations has now graduated from an API preview to a generally available API. The preview header is no longer required to…

We regularly update our policies to reflect the evolution of our products, changing legal requirements, and user feedback. In this update, we’ve made some changes to our Terms of Service,…

This article originally appeared in TechCrunch, and is republished here with permission. The Supreme Court heard arguments October 7 in Google v. Oracle. This case raises a fundamental question for…

See this post in action during GitHub Demo Days on October 16. What makes a project successful? For developers building cloud-native applications, successful projects thrive on transparent, consistent, and rigorous…

As policymakers grapple with how to address hate speech and disinformation on the internet, they’re eying the legal structure underpinning collaborative software development: legal safe harbors. These safe harbors protect…

npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows. Previously, you could create an access token with one of two…

The default branch name for new repositories is now main. To set a different default: For users, on the https://github.com/settings/repositories page For organization owners, on the https://github.com/organizations/YOUR-ORGANIZATION/settings/repository-defaults page For enterprise…

Starting today you can temporarily disable a GitHub Actions workflow either in the UI or through the API. With this functionality you can stop a workflow from being triggered without…

We recently shipped support for the origin-bound draft standard for security codes delivered via SMS. This standard ensures security codes are entered in a phishing-resistant manner. It accomplishes this by binding an SMS with…

In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for security of the application.

GitHub Enterprise Server 2.22 is now here with GitHub Actions, Packages and Advanced Security Code Scanning available for the very first time.

Announcing the public beta of our new integration between GitHub and Microsoft Teams.

The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.

Account and billing admins can now provide a list of email addresses to receive billing notifications, including threshold notifications for Actions and Packages. The email addresses may belong to users…

Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…

When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.

GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.

GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…

You can now share self-hosted runners across some or all of your GitHub organizations by associating them with an Enterprise Account. This simplifies sharing runners and makes it easy for…

Learn about patterns for configuring and maintaining GitHub Actions self-hosted runners on Google Cloud.