Search results for: GitHub Actions

Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.

With enterprise accounts for all, your organization can take advantage of all that GitHub Enterprise has to offer, from GitHub Actions and GitHub Advanced Security, to Copilot.

The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.

GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository’s content.

Copilot coding agent is our asynchronous, autonomous background agent. Delegate a task to Copilot, and it works in the background, then requests a review from you. When Copilot starts work,…

Discover how GitHub Copilot has evolved from a high-powered autocomplete tool to a powerful, multi-model agentic assistant.

We’ve added support for Rust and scanning C/C++ projects without builds in CodeQL, the engine powering GitHub code scanning. Both of these initiatives have ended their public preview and are…

As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…

We’re delaying the enforcement of a new cache eviction policy for GitHub Actions from mid-October to November. Currently, each repository has a maximum cache size of 10 GB, and we…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.1, which includes the following: Added support…

As previously communicated for the GitHub Actions Get workflow usage and Get workflow run usage endpoints, we’re closing down the remaining product-specific billing APIs for Actions, Packages, and shared storage.…

Copilot coding agent, our asynchronous, autonomous developer agent, is now generally available for all paid Copilot subscribers. Delegate a task to Copilot, and Copilot will open a draft pull request…

With the new GitHub app for Microsoft Teams, you can ask Copilot coding agent to generate pull requests, directly from a Teams conversation. Copilot coding agent is our asynchronous, autonomous…

Learn how the Secret Protection engineering team collaborated with GitHub Copilot coding agent to expand validity check coverage.

Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture through direct funding, expert guidance, and actionable playbooks.

Following our previous announcement, the Dependabot reviewers configuration option has been removed. We’ve retired this configuration option because the functionality overlaps with GitHub code owners. You can use code owners…

The role of junior developer is evolving. If you’re at this stage in your career, here’s how to keep up and stand out.

Starting today, Linux and Windows arm64 standard hosted runners in public repositories are generally available. Developers can take advantage of the performance benefits of using arm64 processors or run their…

As of today, npm trusted publishing with OpenID Connect (OIDC) is now generally available. This feature enables you to securely publish npm packages directly from CI/CD workflows using OpenID Connect…

You can delegate tasks to GitHub Copilot coding agent to work on in the background. While working on a task, Copilot has access to its own development environment, powered by…

That idea you’ve been sitting on? The domain you bought at 2AM? A silly or serious side project? This summer, we invite you to build it — for the joy, for the vibes, For the Love of Code 🧡