Search results for: GitHub Actions

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!

During two-factor authentication and when entering sudo mode for sensitive actions on GitHub.com, TOTP codes could be successfully used multiple times within their validity window. To improve security, this reuse…

Code scanning default setup is now available for all CodeQL supported languages, excluding Swift. This includes supporting JavaScript/TypeScript, Ruby, Python, Go, Java/Kotlin, C/C++, and C# at the repository level. We…

The new GitHub Code View brings users many new features to improve the code reading and exploration experiences, and we overcame a number of unique technical hurdles in order to deliver those features without compromising performance.

Explore how investing in a better developer experience frees developers to do what matters most: building great software.

A tool to help you keep your open source catalog organized and up to date.

Today, we’re extending CodeQL code scanning support to Swift! Developers working on Swift libraries and apps on Apple platforms can now benefit from our best-in-class code security analysis. We currently…

Design can have a significant impact on delivering accessible experiences to our users. It takes a cultural shift, dedicated experts, and permission to make progress over perfection in order to build momentum. We’ve got a long way to go, but we’re starting to see a real shift in our journey to make GitHub a true home for all developers.

Starting today, Dependabot will be able to auto-dismiss npm alerts that have limited impact (e.g. long-running tests) or are unlikely to be exploitable. With this ship, Dependabot will cut false…

Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.

You can now create new repositories with pre-filled form fields, making it even easier to define the right info for your new repos from the start. There are a number…

Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.

In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.

A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.

Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.

Today we are announcing the general availability (GA) of roadmaps in GitHub Projects! 🎉 🗺 Roadmaps for all Since we announced the public beta of roadmaps earlier this year, we’ve…

Code scanning have shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…

Starting on March 15, 2023, GitHub Team plan customers will be able to create, manage and delete runner groups to better manage their hosted and self hosted runners. Enterprise customers…

You can now designate different types of credits to users who contribute to GitHub security advisories. These new credit types mirror those in the CVE 5.0 schema: finder reporter analyst…

A deep dive into why more people are using Python than ever, its key use cases, and why it’s still so popular 30-plus years after it was first released.

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.