To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a public leak…
Over the next six months, we will be making the following changes and deprecations to the GitHub Actions service: Reduction to Webhook rate limit in GitHub Actions Starting October 1st,…
You can now add repository permissions to custom organization roles, granting a specific level of access to all the repositories in your organization. This builds on the release of organization-wide…
We’re excited to bring an updated repository list view experience and the ruleset merge queue rule to general availability, as well as an update to the status check and workflow…
Organization owners and security managers can now filter the table of repositories on the code security configurations settings page by configuration attachment failure reason. This is useful when you’ve attempted…
Code security configurations are now generally available (GA)! Code security configurations simplify the rollout of GitHub security products at scale. They help you define collections of security settings and apply…
When rolling out code scanning default setup at scale (e.g., via code security configurations), GitHub checks if an advanced CodeQL setup already exists for each repository. If an advanced setup…
Editor’s note (October 30, 2025): Updated this post to include information for the GitHub CLI timeline. Today, we are announcing the sunset of GitHub Projects (classic), which will follow individual…
The code scanning option for repository rules is now available in public beta. Code scanning users can now create a dedicated code scanning rule to block pull request merges, instead…
Starting January 30th, 2025, GitHub Actions customers will no longer be able to use v3 of actions/upload-artifact or actions/download-artifact. Customers should update workflows to begin using v4 of the artifact…
As a proactive measure to protect Github.com availability, GitHub Apps that attempt to create high-complexity scoped installation tokens will receive failures if they would individually reference too many repositories. At…
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
Users of secret scanning will now receive alerts for any new secrets exposed in a pull request’s title, description, or comments (including reviews). Alerts can be viewed within the UI…
Customers using GitHub Enterprise Server can gain more insight and understanding into the security of their code.
Users of secret scanning can now view any new secrets exposed in a discussion’s title, description, or comments within the UI or the REST API. This expanded coverage will also…
The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here’s what we found and what you can do to better protect your own smart home.
Beginning January 8th, 2024, we will be making changes to the repository insights UI and API on GitHub for repositories with over 10,000 commits. The targeted UI and API have…
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. We’ve heard your feedback, which is helping…
Organization owners can now create and assign custom organization roles, which grant members and teams specific sets of privileges within the organization. Like custom repository roles, organization roles are made…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
