Search results for: GitHub Actions

Security should be native to your workflow, not a painful separate process.

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.20.6, which brings support for a new…

CodeQL version 2.20.5 has been released and includes a host of coverage improvements, including extended support for C# 13 and new detection capabilities for Java and GitHub Actions workflow files.…

GitHub’s Digital Public Goods Open Source Community Manager Program just wrapped up a second successful year, helping Community Managers gain experience in using open source for good.

The improved merge experience on the pull request page announced in December will be enabled by default over the next few days! The feature remains in public preview while we…

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. The CodeQL engine has become faster, covers 28 more security queries,…

GitHub Actions is excited to announce new enhancements to our suite of larger hosted runners. Edit the size of a runner Starting today, you can edit the size of your…

On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. In January 2024, we announced that CodeQL Action v2 would be retired at the…

The Windows 2025 server image for GitHub Actions hosted runners is now available in public preview. To start using this image in your Actions workflows, update your workflow file to…

Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.

Find out how we’re evolving GitHub and GitHub Copilot—and get access to the latest previews and GA releases.

In this year’s Octoverse report, we study how public and open source activity on GitHub shows how AI is expanding as the global developer community surges in size.

Copilot Autofix now supports fix suggestions for problems detected by ESLint, a partner code scanning tool. Autofixes are available both in pull requests and for historical alerts. ESLint is the…

CodeQL version 2.19.0 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL is the static analysis engine that powers GitHub code scanning. Important…

How GitHub volunteers built an open source metrics dashboard for the World Health Organization and some best practices they picked up along the way.

To create a comprehensive model of the dependencies in a Maven project, it is essential to understand the the transitive dependencies that are resolved at build-time. This feature automatically performs…

GitHub Artifact Attestations is generally available We’re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHub…

Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.

Create a tamper-proof papertrail for anything you build on Actions Artifact Attestations lets you sign builds in GitHub Actions, capturing provenance information about the artifact and making it verifiable from…