Code scanning have shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…
We are preparing to bring powerful new code search capabilities to GitHub. As part of that effort, on April 10, 2023, we will make several changes to the code search…
The Custom Repository Roles REST API has moved to general availability, with a breaking change to the path used. Previously, the API was found at /orgs/{org}/custom_roles – it has been…
GitHub Enterprise Cloud customers can now join a private beta which allows API request events to be streamed as part of their enterprise audit log. In this private beta, REST…
You can now filter results from the code scanning REST API based on alert severity. Use the parameter severity to return only code scanning alerts with a specific severity. This…
Recently, GitHub added webhooks to our OpenAPI schema. Now, Webhook events and payloads in the GitHub documentation is built from the OpenAPI schema. The schema-generated documentation is more accurate and…
The dependency review API is now generally available. The Dependency Review GitHub Action now allows you to reference a local or external configuration file. There are also new configuration options:…
We recently released organization-level API support that enables administrators to programmatically manage their organization-owned codespaces at scale. Today we’re announcing that these APIs are generally available. With organization APIs providing…
GitHub Advanced Security customers using secret scanning can now specify a custom link via the organization level REST API that will show in the message when push protection detects and…
On September 15, 2022, we fixed a bug on GitHub.com that allowed OAuth tokens (such as personal access tokens) to bypass SAML single sign-on (SSO) requirements to view organization issue…
We recently released a set of organization-level APIs (in beta) to enable administrators to programmatically manage their organization-owned codespaces at scale. Today we’re releasing support for additional organization-level APIs based…
Custom repository roles enable Enterprise organization administrators to define and assign least-privilege roles for their repositories, beyond the standard Read, Triage, Write, Maintain, and Admin roles. Now, REST API endpoints…
We’ve made a series of improvements to the GitHub Connect license sync feature in addition to the “Sync now” button we recently added in GHES: Enterprise administrators can now access…
We strive to understand how developers collaborate and work on GitHub, and we sometimes partner with academics to better understand how we can improve our products. Here’s how we did that to build and evolve GitHub Discussions.
We’ve just released a new version of Octokit.js, our SDK for interacting with the GitHub API from your JavaScript or TypeScript code. The new release adds support for 91 new…
GitHub Advanced Security customers can now view bypasses of secret scanning’s push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass…
We recently announced a plan to sunset deprecated Teams API endpoints over the coming weeks. On March 1, we conducted the first scheduled brownout for 12 hours. As we gathered…
Update on March 4, 2022: We have temporarily paused the sunset. Please read the official announcement for more information. In early 2020, we moved the Teams API from a top-level…
Practical tips on how to apply OWASP Top 10 Proactive Control C4.
The GitHub metadata endpoint now contains our SSH host keys. (We’ll continue offering host key fingerprints as well.) { // new entry “ssh_keys”: [ “ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl”, “ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=”, “ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==”…
We have released improvements to the code scanning API: We’ve added the fixed_at timestamp to alerts. This is the first time that the alert was not detected in an analysis.…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
