Search results for: Account

npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows. Previously, you could create an access token with one of two…

The default branch name for new repositories is now main. To set a different default: For users, on the https://github.com/settings/repositories page For organization owners, on the https://github.com/organizations/YOUR-ORGANIZATION/settings/repository-defaults page For enterprise…

Starting today you can temporarily disable a GitHub Actions workflow either in the UI or through the API. With this functionality you can stop a workflow from being triggered without…

We recently shipped support for the origin-bound draft standard for security codes delivered via SMS. This standard ensures security codes are entered in a phishing-resistant manner. It accomplishes this by binding an SMS with…

In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for security of the application.

GitHub Enterprise Server 2.22 is now here with GitHub Actions, Packages and Advanced Security Code Scanning available for the very first time.

Announcing the public beta of our new integration between GitHub and Microsoft Teams.

The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.

Account and billing admins can now provide a list of email addresses to receive billing notifications, including threshold notifications for Actions and Packages. The email addresses may belong to users…

Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…

When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.

GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.

GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…

You can now share self-hosted runners across some or all of your GitHub organizations by associating them with an Enterprise Account. This simplifies sharing runners and makes it easy for…

Learn about patterns for configuring and maintaining GitHub Actions self-hosted runners on Google Cloud.

Today GitHub Actions shipped a series of features designed to improve your workflows when working with PRs from repository forks. New settings for private repository forks Many GitHub customers choose…

GitHub Actions gives you the power to automate your workflow. Connect with the tools you know and love. Have more freedom to innovate and be creative. Deploy to any cloud,…

As previously announced, beginning November 13th, 2020, we will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., a…

You can now sign up for Sponsors if you have a bank account in Cyprus or any of the other 34 regions where Sponsors is generally available. Not in a…

GitHub Enterprise accounts on github.com now enjoy higher hourly API rate limits for both GitHub Apps and OAuth Apps. OAuth Apps were increased to 15,000 API calls per hour from…

Last week, the Court of Justice of the European Union (CJEU) ruled the EU-US Privacy Shield, a mechanism governing personal data transfers from the EU to the US, is invalid due to concerns…