Search results for: GitHub Actions

SKU-level budgets are now available for all metered GitHub products. Administrators and billing managers can now set budgets for specific SKUs within a product. This gives you greater flexibility and…

The Accessibility Design team created a set of annotations to bridge the gaps that design systems alone can’t fix and proactively addresses accessibility issues within Primer components.

An introduction to the three distinct modes of GitHub Copilot and a practical guide for integrating them effectively into your workflow.

During March and April, GitHub Mobile introduced several updates, including bug fixes, accessibility improvements, and a range of new features to make coding and collaboration on the go more seamless.…

Now in public preview, Windows arm64 hosted runners are available for free in public repositories. This runner comes with a Windows 11 Desktop image, fully equipped with all the tooling…

GitHub Codespaces has introduced a new Agentic AI feature—you can now open a Codespace running VSCode’s Copilot agent mode, directly from a GitHub issue. With a single click, you can…

Push rules are great for maintaining the integrity of your codebase by preventing unauthorized changes to critical files such as actions workflows. However, they can sometimes slow down the development…

What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.

Following the ship of transitive labeling for npm packages, the same capabilities are now available for Maven packages: Dependabot alerts now contain a direct label if they are associated with…

Enterprise custom properties and enterprise rulesets are now generally available, further improving the governance features for GitHub Enterprise customers. Enterprise custom properties With enterprise-level custom properties, you can now enrich…

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.

The refreshed commit details page is now generally available! This improved page lets you view and navigate the changes within a commit with improvements to filtering, commenting, and keyboard navigation.…

For 30 years, Java has been a cornerstone of enterprise software development. Here’s why—and how to learn Java.

Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.

January and February brought a number of improvements to GitHub Mobile, making it more powerful and flexible. We’re rolling out exciting new features designed to make coding and collaboration easier…

We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent. Artifact Attestations let you create provenance signatures, which provide an unforgeable…

As previously announced, Enterprise Managed Users (EMUs) no longer have their emails automatically verified. This helps prevent any accidental data leaks by third party GitHub Apps and OAuth applications that…

A deep dive on the work that went into making the component that powers repository and pull request file trees.

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.

This week’s Copilot Workspace updates are focused on improvements to navigation and file management. As ever, drop your feedback into this discussion. Simpler file tree navigation When folders don’t have…