Search results for: REST API

This is the first post in a two-part series describing friendly forks and alternative strategies for managing them. Stay tuned for part two coming in May!

Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.

Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.

The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.

From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.

We believe our technical interviews should be as similar as possible to the way we work at GitHub.

Advice on fundamentals, picking languages to learn, social media presence, interviewing, and more

Over the past few weeks, we have experienced multiple incidents due to the health of our database. We wanted to share what we know about these incidents while our team continues to address them.

If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets we help protect users from data leaks and fraud associated with…

Our community has shipped lots of open source project updates in the last month. Here’s a few of our staff picks.

The code scanning alert page now always shows the alert status and information for the default branch. There is a new ‘Affected branches’ panel in the sidebar to see the…

Dependency caching is one of the most effective ways to make jobs faster on GitHub Actions. You can now monitor the storage usage of your existing caches and get greater…

Support for Actions in internal repositories is now generally available for GitHub organizations owned by an enterprise account. You can innersource automation by sharing Actions in internal repositories, without publishing…

A CODEOWNERS file defines the users or teams responsible for different parts of your repository, and helps ensure the right people are included in pull request reviews. We’ve shipped some…

A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.

GitHub Advanced Security customers can now enable secret scanning for their archived repositories via the UI and API. For more information: About secret scanning About archived repositories

When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.

Learn new skills, build projects and meet like-minded students with the latest shows from the GitHub Education Stream Team.

When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration.