CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.24.1, improving support for Maven private package…
Think of Continuous AI as background agents that operate in your repository for tasks that require reasoning.
Dependabot can now use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. What’s new With OIDC-based authentication, Dependabot update jobs…
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
We envision the future of AI-enabled tooling to look like near-effortless engineering for sustainability. We call it Continuous Efficiency.
Editor’s note (December 19, 2025): We updated this post to indicate new dates for when self-hosted runners need to be updated to v2.329.0 or later. The original upgrade date has…
GitHub now makes it easier for teams to track, prioritize, and remediate security risks that matter by connecting code, build artifacts, and production context. Here’s what’s shipped and how you…
Starting December 1, 2025, all usage-based GitHub products paid by credit card on self-serve metered GitHub Enterprise Cloud accounts will be billed on the first of each month. Your billing…
Nearly a billion commits later, the way we ship code has changed for good. Here’s what the 2025 Octoverse data says about how devs really work now.
Editor’s note (November 5, 2025): We’ve updated this post to explicitly clarify that the affected tokens are npm tokens. Today marks another milestone in our ongoing effort to strengthen npm’s…
On October 7, 2025, we released CodeQL Action v4, which runs on the Node.js 24 runtime. CodeQL Action v3 will be deprecated at the same time as GHES 3.19, which…
At Universe 2025, GitHub’s next evolution introduces a single, unified workflow for developers to be able to orchestrate any agent, any time, anywhere.
You can now configure Copilot coding agent’s development environment to run in your own infrastructure using self-hosted GitHub Actions runners managed by Actions Runner Controller (ARC). With this setup, you…
Log4Shell proved that open source security isn’t guaranteed and isn’t just a code problem. It’s about supporting, enabling, and empowering the people behind the projects that build our digital infrastructure.
Copilot coding agent is our asynchronous, autonomous background agent. Delegate a task to Copilot, and it works in the background, then requests a review from you. When Copilot starts work,…
Discover how GitHub Copilot has evolved from a high-powered autocomplete tool to a powerful, multi-model agentic assistant.
We’ve added support for Rust and scanning C/C++ projects without builds in CodeQL, the engine powering GitHub code scanning. Both of these initiatives have ended their public preview and are…
As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…
We’re delaying the enforcement of a new cache eviction policy for GitHub Actions from mid-October to November. Currently, each repository has a maximum cache size of 10 GB, and we…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.1, which includes the following: Added support…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
