This public beta enables developers to use a directories key to list multiple directories for the same ecosystem configuration in the dependabot.yml file. Previously, developers with multiple package manifests for…
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
Today, we’re releasing security tool-specific filters for the security overview dashboard and secret scanning metrics page. Have you ever wondered, “How well is my organization handling SQL injections?” or “How…
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.
Dependabot grouped security updates are now generally available. This feature automatically groups Dependabot pull requests, lets you specify several additional options to fine tune your groupings. You can enable grouped…
Today, we’re releasing a host of new insights to the security overview dashboard, as well as an enhanced secret scanning metrics page. New dashboard insights Third-party alerts integration: Beyond GitHub’s…
Previously, if you specified your private registry configuration in the dependabot.yml file and also had a configuration block for that ecosystem using the target-branch key, Dependabot security updates wouldn’t utilize…
Dependabot security updates help you keep your dependencies secure by opening pull requests when a Dependabot alert is raised. With today’s release, you can now use flexible grouping options in…
A peek under the hood of GitHub Advanced Security code scanning autofix.
Get excited for this month’s Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
Our latest solution to the ubiquitous engineering problem of integration testing in a distributed service ecosystem here at GitHub.
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
Discover the latest trends and insights on public software development activity on GitHub with the release of Q3 2023 data for the Innovation Graph.
Take CODEOWNERS and GitHub teams to the next level. Learn about how GitHub engineering solves the age old problem of who owns what.
Learn about how we run a scalable vulnerability management program built on top of GitHub.
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
GitHub uses MySQL to store vast amounts of relational data. This is the story of how we seamlessly upgraded our production fleet to MySQL 8.0.
Reduce pull request noise and fix multiple security alerts at once with Dependabot grouped security updates. Starting today, you can enable grouped security updates for Dependabot at the repository or…
We have partnered with our sister team at Microsoft to bring some improvements to the NuGet ecosystem for Dependabot updates: Updater logic re-written in C#, making it easier for users…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
