
npm provenance general availability
npm provenance is now generally available. npm packages built on a supported cloud CI/CD system can publish with provenance. Today this includes GitHub Actions and GitLab CI/CD. Publishing with provenance…
Support for migrating Jenkins Scripted Pipelines to GitHub Actions is now available as a private beta! If you use Scripted Pipelines in your Jenkins instances, you can now automate the…
In the world of software development, collaboration can make the difference between a brittle last-minute release and a reliable, maintainable, pain-free project. Whether you’ve been coding for a day or a decade, your colleagues are there to help strengthen your work. But they can only help if you’ve given them the tools to do so.
With the new Issue Metrics GitHub Action, you can now track and monitor important metrics related to issues, pull requests, and discussions, such as time to first response, time to close, and more!
Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.
Developer experience (DevEx) is a key theme when it comes to transforming businesses with GitHub.
Enterprise users will now notice added functionality where Dependabot security and version updates may be paused for repositories. If you are an enterprise user that uses Dependabot updates and there…
Today we are announcing the general availability of code scanning default setup enablement at the organization level. You can use code scanning default setup to enable CodeQL analysis for pull…
Starting today, you will now receive Dependabot alerts for vulnerabilities associated with your Swift dependencies. The GitHub Advisory Database now includes curated Swift advisories. This brings the Advisory Database to…
Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.
We’ve shipped a small fix to improve security around creation of pull requests in public repos. Prior to this fix and under very specific conditions, a user could create a…
Could we use our Git repository as the source of truth for operational tasks, and somehow reconcile changes with our real-world view?
You may start seeing a temporary authorization hold after accruing usage of metered products (GitHub Actions, Packages, or Codespaces). This will appear as a pending charge in your account’s payment…
Learn some tips, tricks, and tools for mastering the command line from GitHub’s own developers.
A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.
As we work towards general availability of pull request merge queue, we want to thank everyone that has provided feedback ❤ (keep it coming!) and let you know about some…
npm packages built on a cloud CI/CD system (like GitHub Actions) can now publish with provenance, meaning the package has verifiable links back to its source code and build instructions.…
How to verifiably link npm packages to their source repository and build instructions.
Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know.
When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this…
How GitHub Enterprise ensures secure and compliant developer workflows for highly regulated industries.