Audit logs play a critical role in keeping enterprises secure and auditing enterprise activity for compliance. Since becoming generally available in January 2022, audit log streaming has been used by…
We’re excited to introduce persistent commit signature verification, a powerful new feature designed to elevate the security and reliability of your repository’s commit history. Starting today, GitHub verifies commit signatures…
The GitHub Enterprise Server 3.15 release candidate is here You can now download the GitHub Enterprise Server 3.15 release candidate to try out the new features in this latest version.…
You can now view exact locations of known public leaks for a secret scanning alert, as well as any repositories with duplicate alerts across your enterprise. Public leak and duplicate…
You can now apply code security configurations to archived repositories. This makes it simpler to roll out configurations without having to filter for archived repos, and ensures features like Dependabot,…
Starting today, existing GitHub Enterprise customers will begin to transition to the enhanced billing platform. What is the enhanced billing platform? The enhanced billing platform is a suite of new…
To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a public leak…
Over the next six months, we will be making the following changes and deprecations to the GitHub Actions service: Reduction to Webhook rate limit in GitHub Actions Starting October 1st,…
You can now add repository permissions to custom organization roles, granting a specific level of access to all the repositories in your organization. This builds on the release of organization-wide…
We’re excited to bring an updated repository list view experience and the ruleset merge queue rule to general availability, as well as an update to the status check and workflow…
Organization owners and security managers can now filter the table of repositories on the code security configurations settings page by configuration attachment failure reason. This is useful when you’ve attempted…
Code security configurations are now generally available (GA)! Code security configurations simplify the rollout of GitHub security products at scale. They help you define collections of security settings and apply…
When rolling out code scanning default setup at scale (e.g., via code security configurations), GitHub checks if an advanced CodeQL setup already exists for each repository. If an advanced setup…
Today, we are announcing the sunset of GitHub Projects (classic), which will follow individual sunset timelines for GitHub.com, GitHub Enterprise Server, and the REST API. Please see the details below…
The code scanning option for repository rules is now available in public beta. Code scanning users can now create a dedicated code scanning rule to block pull request merges, instead…
Starting January 30th, 2025, GitHub Actions customers will no longer be able to use v3 of actions/upload-artifact or actions/download-artifact. Customers should update workflows to begin using v4 of the artifact…
As a proactive measure to protect Github.com availability, GitHub Apps that attempt to create high-complexity scoped installation tokens will receive failures if they would individually reference too many repositories. At…
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
Users of secret scanning will now receive alerts for any new secrets exposed in a pull request’s title, description, or comments (including reviews). Alerts can be viewed within the UI…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
