Introducing Artifact Attestations–now in public beta
Generate and verify signed attestations for anything you make with GitHub Actions.
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.
With enterprise accounts for all, your organization can take advantage of all that GitHub Enterprise has to offer, from GitHub Actions and GitHub Advanced Security, to Copilot.
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository’s content.
GitHub now makes it easier for teams to track, prioritize, and remediate security risks that matter by connecting code, build artifacts, and production context. Here’s what’s shipped and how you…
Starting December 1, 2025, all usage-based GitHub products paid by credit card on self-serve metered GitHub Enterprise Cloud accounts will be billed on the first of each month. Your billing…
Nearly a billion commits later, the way we ship code has changed for good. Here’s what the 2025 Octoverse data says about how devs really work now.
Editor’s note (November 5, 2025): We’ve updated this post to explicitly clarify that the affected tokens are npm tokens. Today marks another milestone in our ongoing effort to strengthen npm’s…
On October 7, 2025, we released CodeQL Action v4, which runs on the Node.js 24 runtime. CodeQL Action v3 will be deprecated at the same time as GHES 3.19, which…
At Universe 2025, GitHub’s next evolution introduces a single, unified workflow for developers to be able to orchestrate any agent, any time, anywhere.
You can now configure Copilot coding agent’s development environment to run in your own infrastructure using self-hosted GitHub Actions runners managed by Actions Runner Controller (ARC). With this setup, you…
Log4Shell proved that open source security isn’t guaranteed and isn’t just a code problem. It’s about supporting, enabling, and empowering the people behind the projects that build our digital infrastructure.
Copilot coding agent is our asynchronous, autonomous background agent. Delegate a task to Copilot, and it works in the background, then requests a review from you. When Copilot starts work,…
Discover how GitHub Copilot has evolved from a high-powered autocomplete tool to a powerful, multi-model agentic assistant.
We’ve added support for Rust and scanning C/C++ projects without builds in CodeQL, the engine powering GitHub code scanning. Both of these initiatives have ended their public preview and are…
As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…
We’re delaying the enforcement of a new cache eviction policy for GitHub Actions from mid-October to November. Currently, each repository has a maximum cache size of 10 GB, and we…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.1, which includes the following: Added support…
As previously communicated for the GitHub Actions Get workflow usage and Get workflow run usage endpoints, we’re closing down the remaining product-specific billing APIs for Actions, Packages, and shared storage.…
Copilot coding agent, our asynchronous, autonomous developer agent, is now generally available for all paid Copilot subscribers. Delegate a task to Copilot, and Copilot will open a draft pull request…