Search results for: GitHub Actions

Featured Project visor adds a system-wide hotkey that can bring up your terminal, much like games that allow instant access to developer console to tweak settings and run commands. Based…

And we’re back! Rebase went on a bit of hiatus, but it has returned in full force for 2009. Read on for the latest and greatest coming out of GitHub!…

Discover how the Ersilia Open Source Initiative accelerates drug discovery by using GitHub Actions to disseminate AI/ML models.

Generate and verify signed attestations for anything you make with GitHub Actions.

Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.

With enterprise accounts for all, your organization can take advantage of all that GitHub Enterprise has to offer, from GitHub Actions and GitHub Advanced Security, to Copilot.

The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.

GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository’s content.

Open source is hitting an “Eternal September.” As contribution friction drops, maintainers are adapting with new trust signals, triage approaches, and community-led solutions.

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.24.1, improving support for Maven private package…

Think of Continuous AI as background agents that operate in your repository for tasks that require reasoning.

Dependabot can now use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. What’s new With OIDC-based authentication, Dependabot update jobs…

Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.

Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.

We envision the future of AI-enabled tooling to look like near-effortless engineering for sustainability. We call it Continuous Efficiency.

Editor’s note (December 19, 2025): We updated this post to indicate new dates for when self-hosted runners need to be updated to v2.329.0 or later. The original upgrade date has…

GitHub now makes it easier for teams to track, prioritize, and remediate security risks that matter by connecting code, build artifacts, and production context. Here’s what’s shipped and how you…

Starting December 1, 2025, all usage-based GitHub products paid by credit card on self-serve metered GitHub Enterprise Cloud accounts will be billed on the first of each month. Your billing…

Nearly a billion commits later, the way we ship code has changed for good. Here’s what the 2025 Octoverse data says about how devs really work now.

Editor’s note (November 5, 2025): We’ve updated this post to explicitly clarify that the affected tokens are npm tokens. Today marks another milestone in our ongoing effort to strengthen npm’s…

On October 7, 2025, we released CodeQL Action v4, which runs on the Node.js 24 runtime. CodeQL Action v3 will be deprecated at the same time as GHES 3.19, which…