GitHub Advanced Security customers can now view bypasses of secret scanning’s push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass…
We recently announced a plan to sunset deprecated Teams API endpoints over the coming weeks. On March 1, we conducted the first scheduled brownout for 12 hours. As we gathered…
Update on March 4, 2022: We have temporarily paused the sunset. Please read the official announcement for more information. In early 2020, we moved the Teams API from a top-level…
Practical tips on how to apply OWASP Top 10 Proactive Control C4.
The GitHub metadata endpoint now contains our SSH host keys. (We’ll continue offering host key fingerprints as well.) { // new entry “ssh_keys”: [ “ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl”, “ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=”, “ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==”…
We have released improvements to the code scanning API: We’ve added the fixed_at timestamp to alerts. This is the first time that the alert was not detected in an analysis.…
It is now possible to list, add, and remove runner labels for Actions self-hosted runners via API. For more info on using the new APIs at a repository, organization, or…
GitHub recently introduced the ability to set an expiration date when creating or regenerating a personal access token (PAT). For a PAT that is authorized to access an organization protected…
You can now set whether a repository allows forking when creating or updating it using either the REST or GraphQL API. Previously, APIs for creating and updating repositories didn’t consider…
The Codes of Conduct API preview, which was accessible with the scarlet-witch-preview header, is being deprecated. On December 6th, 2021, the fields behind this API preview will no longer be…
In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.
Enterprise owners in GitHub Enterprise Cloud can now toggle Git LFS for a repository via API. Learn more about the API reference in our documentation.
The new GraphQL mutation createCommitOnBranch makes it easier to add, update, and delete files in a branch of a repository. This new API offers a simpler way to commit changes…
Forked repositories can now be synced with their upstream using the merge upstream API. For more info, see the documentation here. You can also sync forks through the web UI,…
You can now use the API (beta) to configure custom autolinks to external resources. The REST API now provides GET/POST/DELETE endpoints from which you can view, add or delete custom…
You can now programmatically check the status and resend repository, organization, and Apps webhooks through the REST API, to complement functionality currently provided in the Settings user interface. Using these…
We’ve shipped a couple of changes to our APIs: The code scanning API now returns the CodeQL query version used for an analysis. This can be used to reproduce results…
You can now use a Beta API to approve workflow runs from public forks of first time contributors. Learn more about using this API Learn more about approving first time…
About a year ago, we migrated an old rate limiter in order to serve more traffic and accommodate a more resilient platform architecture. We adopted a replicated Redis backend with…
The API for environments, and environment protection rules is now available. The API enables you to automate scenarios like creating an environment or approving a deployment. Learn more about the…
You can now delete and restore any package type within GitHub Packages, even publicly visible packages. Any package or package version of yours can now be deleted through the github.com…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
