Search results for: REST API

The dependency review API is now generally available. The Dependency Review GitHub Action now allows you to reference a local or external configuration file. There are also new configuration options:…

We recently released organization-level API support that enables administrators to programmatically manage their organization-owned codespaces at scale. Today we’re announcing that these APIs are generally available. With organization APIs providing…

GitHub Advanced Security customers using secret scanning can now specify a custom link via the organization level REST API that will show in the message when push protection detects and…

On September 15, 2022, we fixed a bug on GitHub.com that allowed OAuth tokens (such as personal access tokens) to bypass SAML single sign-on (SSO) requirements to view organization issue…

We recently released a set of organization-level APIs (in beta) to enable administrators to programmatically manage their organization-owned codespaces at scale. Today we’re releasing support for additional organization-level APIs based…

Custom repository roles enable Enterprise organization administrators to define and assign least-privilege roles for their repositories, beyond the standard Read, Triage, Write, Maintain, and Admin roles. Now, REST API endpoints…

We’ve made a series of improvements to the GitHub Connect license sync feature in addition to the “Sync now” button we recently added in GHES: Enterprise administrators can now access…

We strive to understand how developers collaborate and work on GitHub, and we sometimes partner with academics to better understand how we can improve our products. Here’s how we did that to build and evolve GitHub Discussions.

We’ve just released a new version of Octokit.js, our SDK for interacting with the GitHub API from your JavaScript or TypeScript code. The new release adds support for 91 new…

GitHub Advanced Security customers can now view bypasses of secret scanning’s push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass…

We recently announced a plan to sunset deprecated Teams API endpoints over the coming weeks. On March 1, we conducted the first scheduled brownout for 12 hours. As we gathered…

Update on March 4, 2022: We have temporarily paused the sunset. Please read the official announcement for more information. In early 2020, we moved the Teams API from a top-level…

Practical tips on how to apply OWASP Top 10 Proactive Control C4.

The GitHub metadata endpoint now contains our SSH host keys. (We’ll continue offering host key fingerprints as well.) { // new entry “ssh_keys”: [ “ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl”, “ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=”, “ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==”…

We have released improvements to the code scanning API: We’ve added the fixed_at timestamp to alerts. This is the first time that the alert was not detected in an analysis.…

It is now possible to list, add, and remove runner labels for Actions self-hosted runners via API. For more info on using the new APIs at a repository, organization, or…

GitHub recently introduced the ability to set an expiration date when creating or regenerating a personal access token (PAT). For a PAT that is authorized to access an organization protected…

You can now set whether a repository allows forking when creating or updating it using either the REST or GraphQL API. Previously, APIs for creating and updating repositories didn’t consider…

The Codes of Conduct API preview, which was accessible with the scarlet-witch-preview header, is being deprecated. On December 6th, 2021, the fields behind this API preview will no longer be…

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.

Enterprise owners in GitHub Enterprise Cloud can now toggle Git LFS for a repository via API. Learn more about the API reference in our documentation.