How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
Upcoming changes to GitHub Actions runner APIs The orgs/{org}/actions/runners API currently shows self-hosted runners and individual larger hosted runner instances. As of July 3rd, 2025, we will no longer show…
GitHub Actions fine-grained permissions are now generally available and can be used to define custom repository roles. Last year, GitHub introduced the CI/CD Admin role—a pre-defined organization role that grants…
GitHub is consolidating Dependabot’s compute platform to GitHub Actions, and jobs that generate pull requests will be run as GitHub Actions workflows. This allows Dependabot to leverage GitHub Actions infrastructure,…
GitHub Actions has expanded the number of supported Azure private networking regions available to customers, with the following new additions: – Canada East – Canada Central – Japan West –…
Self-hosted runner network communication requirements GitHub has introduced fully qualified and wildcard domains into a new actions_inbound section within the meta API. This enhancement provides customers with a streamlined way…
GitHub code scanning now offers enhanced security protection for your GitHub Actions workflow files through CodeQL analysis, which is now generally available. This feature enables you to identify and remediate…
We’re introducing new controls for automation workflows, enhancing security and flexibility for teams. Additionally, we’ve released updates to Actions runner controller designed to improve performance, customization, and compatibility with evolving…
Comparing GitHub-hosted vs self-hosted runners for your CI/CD workflows? This deep dive explores important factors to consider when making this critical infrastructure decision for your development team.
You can now use the built-in GITHUB_TOKEN from GitHub Actions to authenticate requests to GitHub Models. This simplifies your workflows by integrating AI capabilities directly into your actions, eliminating the…
macOS 15 and Windows 2025 images are now generally available for all GitHub-hosted runners. You can use these images in your workflows on GitHub-hosted standard or larger runners. Get started…
GitHub Actions 96 vCPU larger runners are now generally available. Customers in need of bigger, more powerful machines to run their workloads can use this runner to reduce runtime on…
With these actions, you can keep your open source projects organized, minimize repetitive and manual tasks, and focus more on writing code.
Decommissioned cache service brownouts GitHub has migrated customers to a new cache service and will now be shutting down the old service. This process will include brownouts of the old…
Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploaded…
We recently launched analysis capabilities for GitHub Actions workflow files in public preview. With the release of CodeQL 2.20.5, we are expanding the analysis capabilities to detect additional types of…
Update: Additional brownout dates for Ubuntu 20 were added in April. The following post has been updated to reflect this change. Changes to check run status modification To ensure the…
We are deprecating real-time job status updates for GitHub Actions workflow notifications in Slack and Microsoft Teams on the 10th of March 2025. Users will continue to receive notifications when…
Update: The date for closing down the Ubuntu 20 image has changed to April 15. The following post has been updated to reflect this change. Ubuntu 20 image is closing…
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.
Update: The date for closing down the Ubuntu 20 image has changed to April 15. The following post has been updated to reflect this change. Ubuntu-latest upcoming breaking changes We…