Search results for: GitHub Actions

As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent announcement. These changes will roll out over…

We’re delaying the enforcement of a new cache eviction policy for GitHub Actions from mid-October to November. Currently, each repository has a maximum cache size of 10 GB, and we…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.1, which includes the following: Added support…

As previously communicated for the GitHub Actions Get workflow usage and Get workflow run usage endpoints, we’re closing down the remaining product-specific billing APIs for Actions, Packages, and shared storage.…

Copilot coding agent, our asynchronous, autonomous developer agent, is now generally available for all paid Copilot subscribers. Delegate a task to Copilot, and Copilot will open a draft pull request…

With the new GitHub app for Microsoft Teams, you can ask Copilot coding agent to generate pull requests, directly from a Teams conversation. Copilot coding agent is our asynchronous, autonomous…

Learn how the Secret Protection engineering team collaborated with GitHub Copilot coding agent to expand validity check coverage.

Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture through direct funding, expert guidance, and actionable playbooks.

Following our previous announcement, the Dependabot reviewers configuration option has been removed. We’ve retired this configuration option because the functionality overlaps with GitHub code owners. You can use code owners…

The role of junior developer is evolving. If you’re at this stage in your career, here’s how to keep up and stand out.

Starting today, Linux and Windows arm64 standard hosted runners in public repositories are generally available. Developers can take advantage of the performance benefits of using arm64 processors or run their…

As of today, npm trusted publishing with OpenID Connect (OIDC) is now generally available. This feature enables you to securely publish npm packages directly from CI/CD workflows using OpenID Connect…

You can delegate tasks to GitHub Copilot coding agent to work on in the background. While working on a task, Copilot has access to its own development environment, powered by…

That idea you’ve been sitting on? The domain you bought at 2AM? A silly or serious side project? This summer, we invite you to build it — for the joy, for the vibes, For the Love of Code 🧡

Organizations using GitHub security configurations can now choose to require CodeQL to run on repositories using either default or advanced setup. Previously, if a repository was using advanced setup, you…

We’re making several important updates to our macOS runner image offerings to ensure you have access to the latest and most efficient CI/CD capabilities. macos-latest migration begins August 4, 2025…

Today, the Git project released new versions to address seven security vulnerabilities that affect all prior versions of Git.

Automatic dependency submission now supports the pip package manager for Python. This release completes the cohort of package managers that now have auto-submission support, adding to the previously-released Maven, Gradle,…

Dependency auto-submission now supports the .NET package manager NuGet. This feature continues to expand the supported range of package manager ecosystems, adding to the existing Maven and Gradle support. Dependency…

Today, we’re extending CodeQL code scanning support to Rust. Developers working on Rust libraries and apps can now benefit from our best-in-class code security analysis. We currently identify issues such…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.21.4, which brings support for a new…