Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
Dependency graph now supports submissions through the dependency submission API (beta). This enables you to add dependencies, such as those resolved when software is compiled or built, to the dependency…
GitHub Advanced Security customers can now view bypasses of secret scanning’s push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass…
Today, we’re announcing that the ability to prebuild codespaces is entering general availability. A prebuilt codespace serves as a “ready-to-go” template where your source code, editor extensions, project dependencies, commands,…
The Dependency Review GitHub Action, which checks if pull requests introduce a dependency with a known vulnerability, now supports configuration based on vulnerability severity and license type. The following configuration…
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.
Achievements celebrate specific events and actions that happen on GitHub. They will appear as small badges listed in the sidebar of your profile and are in Public Beta starting today.…
The enterprise and organization level audit logs now record an event when a secret scanning alert is created, closed, or reopened. This data helps GitHub Advanced Security customers understand actions…
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Repository administrators can now configure how often/when prebuild configurations for a given branch should be updated. Prebuilds enable developers to startup Codespaces in seconds – regardless of repository size or…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom…
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
Organization members and teams can now be granted a moderator role. Organization moderators are able to: Block and unblock users from the organization Manage organization interaction limits Manage repository interaction…
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
A CODEOWNERS file defines the users or teams responsible for different parts of your repository, and helps ensure the right people are included in pull request reviews. We’ve shipped some…
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
A deep dive into how GitHub adds support for new languages to CodeQL.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.