Search results for: GitHub Actions

We’ve shipped a small fix to improve security around creation of pull requests in public repos. Prior to this fix and under very specific conditions, a user could create a…

Could we use our Git repository as the source of truth for operational tasks, and somehow reconcile changes with our real-world view?

You may start seeing a temporary authorization hold after accruing usage of metered products (GitHub Actions, Packages, or Codespaces). This will appear as a pending charge in your account’s payment…

Learn some tips, tricks, and tools for mastering the command line from GitHub’s own developers.

A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.

As we work towards general availability of pull request merge queue, we want to thank everyone that has provided feedback ❤ (keep it coming!) and let you know about some…

npm packages built on a cloud CI/CD system (like GitHub Actions) can now publish with provenance, meaning the package has verifiable links back to its source code and build instructions.…

How to verifiably link npm packages to their source repository and build instructions.

Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know.

When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this…

How GitHub Enterprise ensures secure and compliant developer workflows for highly regulated industries.

Code scanning default setup is now available for Go! Default setup automatically finds and sets up the best CodeQL configuration for your repository. It detects the languages in the repository…

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

Enabling CodeQL analysis with code scanning default setup for eligible repositories in your organization is now as easy as a single click from the organization’s settings page or a single…

SCaLE is the largest community-run open-source and free software conference in North America. It takes place next week in Pasadena, CA from March 9-12, 2023 and we’ll be there!

Code scanning default setup can now be easily enabled for a single repository from the slide-out panel on your organization’s “Security Coverage” page, without needing to navigate to the repository’s…

Explore how using GitHub and HashiCorp together enables enterprises to develop and ship to their customers faster and more secure with consistent workflows and actions.

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Git users are encouraged to upgrade to the latest version, especially if they use `git apply` or `git clone` against untrusted patches or repositories.

Welcome to our special edition of the Release Radar 🎄. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has…

Dependency graph automatically supports many ecosystems, but some additional ecosystems require configuration to submit dependencies with the dependency submission API. The community maintains several GitHub Actions that make this easier.…