Enterprise users will now notice added functionality where Dependabot security and version updates may be paused for repositories. If you are an enterprise user that uses Dependabot updates and there…
Code scanning default setup is now available for all CodeQL supported languages, excluding Swift. This includes supporting JavaScript/TypeScript, Ruby, Python, Go, Java/Kotlin, C/C++, and C# at the repository level. We…
We are introducing a number of enhancements, bug fixes and a breaking API change to repository rules. 1. UI Updates * Added a repository picker to target select repositories for…
Today we are announcing the general availability of code scanning default setup enablement at the organization level. You can use code scanning default setup to enable CodeQL analysis for pull…
Code scanning now has the option to enable default setup for a subset of languages in a repository. This lets you customize the configuration to suit your repository’s needs, for…
The GitHub Enterprise Server 3.9 release candidate is here GitHub Enterprise Server 3.9 brings new capabilities to help companies create and ship secure software, more often. Here are a few…
You can now create single-use self-hosted runners without time-limited registration tokens using the REST API. When a runner registers using this API it will only be allowed to run a…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
Secret scanning’s push protection feature is now generally available for all free public repositories on GitHub.com. You can enable push protection for any public repository on GitHub.com from your repository’s…
Secret scanning’s push protection feature is now generally available for GitHub Advanced Security customers. Customers can enable push protection for any private repository that has GitHub Advanced Security. Push protection…
Announcing the general availability of push protection–a feature that proactively prevents secret leaks in your public and private repositories.
Fine-grained PATs can now call the GitHub GraphQL API. This was a limitation at the start of the public beta, and is now supported. Like with the REST API, the…
GitHub Importer allows you to import repositories from other code hosting platforms to GitHub.com using a UI or REST API. Today, GitHub Importer supports Git, Mercurial, Subversion and Team Foundation…
GitHub Advanced Security customers using secret scanning can now view any secrets exposed historically in an issue’s title, description, or comments within the UI or the REST API. This expanded…
Meet the projects that make up the first GitHub Accelerator cohort and learn about how GitHub is helping bring their visions to reality.
Commenting on files (including deleted, binary, and renamed files) in a pull request is now generally available on the web and GitHub Mobile! A special thank you to everyone that…
A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.
A software bill of materials (SBOM) is a standardized inventory of a software project’s dependencies and associated metadata (versions, licenses, etc). You can now export your repository’s dependency graph as…
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
Enabling CodeQL analysis with code scanning default setup for eligible repositories in your organization is now as easy as a single click from the organization’s settings page or a single…
GitHub Docs recently changed its site-search to Elasticsearch. Here’s how it was implemented.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
