Search results for: GitHub Actions

Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.

What’s new? Starting today, Dependabot will pause automated pull request activity if you haven’t merged, closed, or otherwise interacted with Dependabot for over 90 days. To resume activity when you’re…

Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).

Code scanning can now be easily setup with a few button clicks, and without committing a workflow file to the repository. Code scanning’s new default setup feature automatically finds and…

Forrester’s Total Economic Impact™ study dives into how GitHub Enterprise Cloud and GitHub Advanced Security help businesses drive ROI, increase developer productivity, and save time on developer onboarding.

What’s the state of open source and how has it changed over the last decade? GitHub’s VP of Developer Relations, Martin Woodward, tackles that question and more in a 2022 keynote.

We promised we’d be back soon and here we are! There has been an incredible amount of open source projects shipping major version releases before the year wraps up. I…

How much does it really cost to buy more powerful cloud compute resources for development work? A lot less than you think.

The deprecation date for the CodeQL Action v1 is shifting. Initially, this was December 2022, and now it is January 2023. This change follows the updated timeline on the deprecation…

Previously, data generated from Checks were not managed by a retention policy and would therefore grow unbounded. A recent change was made to GitHub.com that archives checks data after 400…

A GitHub Actions workflow run is made up of one or more jobs and each job is associated with a check run. The workflow_job webhook is sent during state transitions…

The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.

Explore how GitHub Enterprise can help you transform your software engineering organization and practices.

Upgrade your local installation of Git, especially when cloning with –recurse-submodules from untrusted repositories, or if you use git shell interactive mode.

New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process.

On September 5, 2022, we reverted a recent change to our indirect pull request merge logic that was causing some pull requests to be incorrectly marked as merged. This could…

Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.

The ReadME Project & Podcast evolve with community expert voices and topics to stoke discussion about the culture and craft of software development.

As previously announced in June, Learning Lab is now deprecated in favor of GitHub Skills. Learning Lab’s course repositories have been archived as of today. You’ll continue to have access…

We’re examining Git’s internals to help make your engineering system more efficient. This post views Git as a distributed database and looks into its synchronization techniques, specifically ‘git fetch’ and ‘git push’.

It’s now easier to debug CodeQL analysis problems in code scanning: click Re-run jobs from the GitHub Actions workflow run page, check the Enable debug logging box, and hit the…