Search results for: GitHub Actions

Copilot enhancements in Visual Studio Code We have introduced several features to the Copilot Chat extension in Visual Studio Code. These updates, available in Visual Studio Code 1.86 and the…

More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.

If you’re using starter workflows to prepare the build and release steps for your Java projects that use Gradle, these projects will now have more comprehensive dependency graph information in…

Consider deploying the GitHub Action: Evergreen so that you know each of your repositories are leveraging active dependency management with Dependabot.

Explore how DevEx boosts productivity and innovation according to new research.

Explore what flow state entails, its benefits, and three tips for reaching it the next time you code.

Following our previous communication dated November 8, 2023, regarding the temporary rollback of the Copilot content exclusions feature, we are pleased to announce the re-deployment of this feature with significant…

As we look to empower developers with AI tools, we inadvertently integrate AI deeper into the way developers work. How do developers feel about that? And what are the most impactful ways to introduce more AI into workflows? We recently conducted 25 in-depth interviews with developers to understand exactly that.

Use CodeQL threat model settings for Java (beta) to adapt CodeQL’s code scanning analysis to detect the most relevant security vulnerabilities in your code. No two codebases are the same…

Alerts are a Markdown extension displayed with distinctive colors and icons to indicate the significance of the content. Five different types of alerts are supported: Note: Useful information that users…

Learn about how we run a scalable vulnerability management program built on top of GitHub.

Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.

Shortly after releasing Copilot content exclusions on November 8, 2023, our team observed that the feature was causing clients to be incorrectly blocked from using Copilot. This necessitated an immediate…

Starting today, in Actions workflows, the pull_request_target trigger is now supported for repository rulesets that require a successful workflow run. This is in addition to pull_request and merge_group, making pull_request_target…

We’re excited to share with you the contributors Action! At GitHub, we maintain several open source repositories and have developed this Action to empower maintainers to measure how many new and returning contributors and contributions have occurred over any given time period.

Requiring Actions workflows with Repository Rules is now generally available on GitHub.com! Through Repository Rules, GitHub Enterprise Cloud customers can now set up organization-wide rules to enforce their CI/CD workflows,…

Open source generative AI projects are a great way to build new AI-powered features and apps.

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!

In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

Dependency review now works with your dependencies from the dependency submission API. Dependency review enforces policies around vulnerabilities and acceptable licenses in the pull request. Previously, dependency review could not…

Rust continues to top the charts as the most admired and desired language by developers, and in this post, we dive a little deeper into how (and why) Rust is stealing the hearts of developers around the world.