Search results for: GitHub Actions

A deep dive on the work that went into making the component that powers repository and pull request file trees.

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.

This week’s Copilot Workspace updates are focused on improvements to navigation and file management. As ever, drop your feedback into this discussion. Simpler file tree navigation When folders don’t have…

Now in public preview, Linux arm64 hosted runners are available for free in public repositories. Following the release of arm64 larger hosted runners in June, this offering now extends to…

We’re open sourcing Annotated Logger, a Python package that helps make logs searchable with consistent metadata.

As part of our ongoing efforts to improve flexibility and control for managing the security manager role, we are retiring the security manager API and replacing it with the more…

As you may have seen in Discord a few weeks ago, Copilot Workspace is graduating! It is a very exciting time, and also a time of change. So before getting…

The Gaady Awards are like the Emmy Awards for the field of digital accessibility. And, just like the Emmys, the Gaadys are a reason to celebrate! On November 21, GitHub was honored to roll out the red carpet for the accessibility community at our San Francisco headquarters.

Artifact Attestations now supports attesting multiple subjects simultaneously. When the attest-build-provenance or attest-sbom actions create multiple attestations, a single attestation is created with references to each of the supplied subjects,…

To help you better understand the state of your pull request and get it merged faster, the merge experience on the pull request page has been improved! This experience is…

Audit logs play a critical role in keeping enterprises secure and auditing enterprise activity for compliance. Since becoming generally available in January 2022, audit log streaming has been used by…

New accessibility enhancements to the security overview data visuals make it easier and more inclusive for everyone to interact with and understand code security insights. What’s new? Improved visual accessibility:…

Today we’re introducing skillsets, a new lightweight way to build GitHub App-based Copilot Extensions alongside our existing agents approach. While agents offer full control over the user interaction, skillsets make…

If you are using GitHub Enterprise Cloud with EMU and using OpenID Connect (OIDC) SSO, this new feature, currently in public preview, will help enforce IdP-defined IP restrictions to protect…

Learn about browser extension security and secure your extensions with the help of CodeQL.

August and September contained a number of improvements to GitHub Mobile, including Focused Notifications for those high-priority items in your Inbox, a contribution graph widget on Android, and a continued…

You can now restrict pushes into your private and internal repositories and their forks, with push rules – a new type of ruleset. Push rules enable you to limit updates…

Since last month’s upgrade to GPT-4o, we now increased the available Chat context, so you can reference larger files and have longer chat conversations with GitHub Copilot Chat in VS…

CodeQL code scanning can now analyze Java and C# code without having to observe a build. This makes it easier to roll out the security analysis on large numbers of…

In July, GitHub Mobile introduced three major improvements App Lock! Securely unlock the GitHub app with just a glance. Enable App Lock in Settings to use FaceID, TouchID or pass…

March 20, 2025 update To clarify the exact impact of this change, we’ve updated the title and the wording we used in this changelog. Previously it was titled “Enterprise Managed…