
Code scanning API
If you are enrolled in the GitHub Advanced Security code scanning beta, we are releasing new APIs for you to start using. This release also includes some breaking changes to…
If you are enrolled in the GitHub Advanced Security code scanning beta, we are releasing new APIs for you to start using. This release also includes some breaking changes to…
Integrating static analysis security testing into the developer workflow is hard. We discuss the challenges and how to overcome them
GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production. Prior to making the move into security, he was a developer for 25 years and strongly believes that you can’t build secure web applications without knowing how to attack them.
The open source Git project just released Git 2.28 with features and bug fixes from over 58 contributors, 13 of them new. We last caught up with you on the…
Now you can create custom workflow templates to promote best practices and consistency across your organization.
Now you can define secrets for an organization, making it easier to keep secrets synced across multiple repositories.
You can now create organization secrets, reducing the need to duplicate secrets across repositories. Access policies let you control which repositories have access to the organization secret Updating a secret…
Explore some impactful open source projects being created by teams around the world in response to COVID-19.
Learn more about autograding and how it provides students with immediate feedback they can apply before an assignment is due.
IP allow lists are now generally available for GitHub Enterprise Cloud customers – allowing enterprise and organization owners to limit access to enterprise assets to an allowed set of source…
We are changing the default behavior of the endpoint in the Actions API that lists the jobs for a workflow run. Previously this endpoint was returning all jobs, including old…
Learn more about updates we’ve made to our Terms of Service and Privacy Statement.
We’re sharing interviews from several open source contributors about their projects, challenges, and what a GitHub sponsorship means to them. This week, hear from Fatih Arslan.
Join us for the latest episode of The Check-In webcast, our quarterly round-up of what’s new at GitHub for our business customers.
A roundup of our favorite 2018 ships for collaboration, business, platform, security, and learning.
With the Microsoft acquisition of GitHub complete, Nat Friedman joins as CEO.
Join us for an inside look at all the new releases announced at Universe.
Launch report: Everything we released at GitHub Universe
We’ve released support for enforcing GitHub Artifact Attestations in OPA Gatekeeper, an open source admission controller for Kubernetes, in public preview. With this release, you can write and enforce policies…
GitHub Models evaluations tooling now supports multiple variables with any names, not just {{input}}! Previously, the tooling only recognized a single variable named {{input}}. Prompts using variables like {{experience}} or…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.