Search results for: Authentication

Passkeys are a replacement for passwords when signing in, providing higher security, ease-of-use, and loss-protection. They’re now available on GitHub.com as a public beta – see this blog post for…

Level up your use of GitHub Projects on the command line and in GitHub Actions with the new project CLI command.

During two-factor authentication and when entering sudo mode for sensitive actions on GitHub.com, TOTP codes could be successfully used multiple times within their validity window. To improve security, this reuse…

The option to use SMS on the sudo page on GitHub.com has been removed. Users can still use other 2FA methods as well as their password to pass the sudo…

The open-source Git project just released Git 2.41. Take a look at our highlights on what’s new in Git 2.41.

GitHub recently experienced several availability incidents, both long running and shorter duration. We have since mitigated these incidents and all systems are now operating normally. Read on for more details about what caused these incidents and what we’re doing to mitigate in the future.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Previously, all attached (drag-and-dropped) images and videos on GitHub Issues, Pull Requests, Discussions, and wikis were available to view without authentication if you knew their direct URL. Now, future attachments…

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Fine-grained PATs can now call the GitHub GraphQL API. This was a limitation at the start of the public beta, and is now supported. Like with the REST API, the…

A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.

GitHub Enterprise Cloud customers can now join a public beta for streaming API request events as part of their enterprise audit log. As part of this beta, REST API calls…

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

We are preparing to bring powerful new code search capabilities to GitHub. As part of that effort, on April 10, 2023, we will make several changes to the code search…

On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.

With updates to GitHub Actions, repositories, and GitHub Advanced Security, this new version of GitHub Enterprise Server is focused on bringing the best developer experience to companies.

The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.

You can now set up both SMS and an authenticator app (TOTP) for two-factor authentication on your GitHub.com account. Previously these methods were mutually exclusive, and you needed to create…

In February, we experienced three incidents that resulted in degraded performance across GitHub services. This report also sheds light into a January incident that resulted in degraded performance for GitHub Packages and GitHub Pages and another January incident that impacted Git users.

The Primary field on two-factor authentication methods has been removed, and replaced with a Preferred option. This new option sets your preferred 2FA method for account login and use of…