The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here’s what we found and what you can do to better protect your own smart home.
Beginning January 8th, 2024, we will be making changes to the repository insights UI and API on GitHub for repositories with over 10,000 commits. The targeted UI and API have…
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. We’ve heard your feedback, which is helping…
Organization owners can now create and assign custom organization roles, which grant members and teams specific sets of privileges within the organization. Like custom repository roles, organization roles are made…
Starting today, apps and tokens used to create a release via the REST API endpoint will require the workflow scope or workflows:write permission in certain cases. The workflow scope or…
Auto-triage rules are a powerful tool to help you reduce alert and pull request fatigue substantially, while better managing your alerts at scale. What’s changing? Starting today, you can define…
Repository rule insights now make finding more details about how someone merged specific code into your repos even easier. 🔍 Filter by status If you want only to see bypassed…
Announcing changes to permissions for packages. We are restricting the refs REST API endpoint from accepting POSTs from users and apps that only have the permission to read and write…
Actions customers will now be able to clear stuck workflows by forcing a cancel request from the REST API. This is a new feature and the existing endpoint to cancel…
Make quick work of alerts with preset and custom rules.
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. Starting today, you can now create your…
Users with secret scanning enabled on their free public repositories will now receive alerts for any potential secrets exposed in an issue’s title, description, or comments, including historical revisions. Alerts…
Learn how you can structure your enterprise to get the most value out of GitHub and provide the best experience for your developers!
Code scanning default setup is now available for Swift analysis with CodeQL! Default setup now supports all CodeQL supported languages at the repository level. This includes JavaScript/TypeScript, Ruby, Python, Go,…
Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.
When new token types are added to secret scanning, GitHub Advanced Security customers using secret scanning can view any matching secrets exposed historically in an issue’s title, description or comments…
Enterprise users will now notice added functionality where Dependabot security and version updates may be paused for repositories. If you are an enterprise user that uses Dependabot updates and there…
Code scanning default setup is now available for all CodeQL supported languages, excluding Swift. This includes supporting JavaScript/TypeScript, Ruby, Python, Go, Java/Kotlin, C/C++, and C# at the repository level. We…
We are introducing a number of enhancements, bug fixes and a breaking API change to repository rules. 1. UI Updates * Added a repository picker to target select repositories for…
Today we are announcing the general availability of code scanning default setup enablement at the organization level. You can use code scanning default setup to enable CodeQL analysis for pull…
Code scanning now has the option to enable default setup for a subset of languages in a repository. This lets you customize the configuration to suit your repository’s needs, for…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
