Search results for: GitHub Actions

If you’re using starter workflows to prepare the build and release steps for your Java projects that use Gradle, these projects will now have more comprehensive dependency graph information in…

Consider deploying the GitHub Action: Evergreen so that you know each of your repositories are leveraging active dependency management with Dependabot.

Explore how DevEx boosts productivity and innovation according to new research.

Explore what flow state entails, its benefits, and three tips for reaching it the next time you code.

Following our previous communication dated November 8, 2023, regarding the temporary rollback of the Copilot content exclusions feature, we are pleased to announce the re-deployment of this feature with significant…

As we look to empower developers with AI tools, we inadvertently integrate AI deeper into the way developers work. How do developers feel about that? And what are the most impactful ways to introduce more AI into workflows? We recently conducted 25 in-depth interviews with developers to understand exactly that.

Use CodeQL threat model settings for Java (beta) to adapt CodeQL’s code scanning analysis to detect the most relevant security vulnerabilities in your code. No two codebases are the same…

Alerts are a Markdown extension displayed with distinctive colors and icons to indicate the significance of the content. Five different types of alerts are supported: Note: Useful information that users…

Learn about how we run a scalable vulnerability management program built on top of GitHub.

Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.

Shortly after releasing Copilot content exclusions on November 8, 2023, our team observed that the feature was causing clients to be incorrectly blocked from using Copilot. This necessitated an immediate…

Starting today, in Actions workflows, the pull_request_target trigger is now supported for repository rulesets that require a successful workflow run. This is in addition to pull_request and merge_group, making pull_request_target…

We’re excited to share with you the contributors Action! At GitHub, we maintain several open source repositories and have developed this Action to empower maintainers to measure how many new and returning contributors and contributions have occurred over any given time period.

Requiring Actions workflows with Repository Rules is now generally available on GitHub.com! Through Repository Rules, GitHub Enterprise Cloud customers can now set up organization-wide rules to enforce their CI/CD workflows,…

Open source generative AI projects are a great way to build new AI-powered features and apps.

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!

In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

Dependency review now works with your dependencies from the dependency submission API. Dependency review enforces policies around vulnerabilities and acceptable licenses in the pull request. Previously, dependency review could not…

Rust continues to top the charts as the most admired and desired language by developers, and in this post, we dive a little deeper into how (and why) Rust is stealing the hearts of developers around the world.

The enterprise and organization level audit logs now record an event when the setting for automatic validity checks for secrets is enabled or disabled. This data helps GitHub Advanced Security…

Dependabot can now open pull requests to resolve alerts for your Gradle dependencies! If you have used the dependency submission API to upload your Gradle dependencies to the dependency graph…