Search results for: GitHub Actions

In this year’s Octoverse report, we study how public and open source activity on GitHub shows how AI is expanding as the global developer community surges in size.

Copilot Autofix for Dependabot is now available in private preview for TypeScript repositories. This new feature combines the power of GitHub Copilot with Dependabot, making it easier than ever to…

Copilot Autofix now supports fix suggestions for problems detected by ESLint, a partner code scanning tool. Autofixes are available both in pull requests and for historical alerts. ESLint is the…

CodeQL version 2.19.0 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL is the static analysis engine that powers GitHub code scanning. Important…

How GitHub volunteers built an open source metrics dashboard for the World Health Organization and some best practices they picked up along the way.

To create a comprehensive model of the dependencies in a Maven project, it is essential to understand the the transitive dependencies that are resolved at build-time. This feature automatically performs…

GitHub Artifact Attestations is generally available We’re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHub…

Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.

Create a tamper-proof papertrail for anything you build on Actions Artifact Attestations lets you sign builds in GitHub Actions, capturing provenance information about the artifact and making it verifiable from…

From mastering prompt engineering to leveraging AI for code security, here’s how you can excel in today’s competitive job market.

Repository Updates April 30th, 2024 Deploy keys are now supported as a bypass actor in repository rules, allowing additional granularity for your automations. Previously for deploy keys to bypass a…

While AI revolutionizes software development, it still relies on developers to pilot its use. In this blog, we’ll cover the skills that developers need to have for navigating this new AI-powered coding frontier.

Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.

A peek under the hood of GitHub Advanced Security code scanning autofix.

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. CodeQL Action v2 will be deprecated at the same time as GHES 3.11, which…

Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.

The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here’s what we found and what you can do to better protect your own smart home.

Discover new AI-powered features and tools to help developers stay in the flow and organizations innovate at scale.

In this year’s Octoverse report, we study how open source activity around AI, the cloud, and Git are changing the developer experience.

Atlassian is ending support for its Server products—including Bitbucket Server—in February 2024. In this post, you’ll learn what that means for you, your options, and how you can move to GitHub.

Announcing changes to permissions for packages. We are restricting the refs REST API endpoint from accepting POSTs from users and apps that only have the permission to read and write…