How GitHub uses CodeQL to secure GitHub
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. The CodeQL engine has become faster, covers 28 more security queries,…
Discover how to use GitHub Copilot to refactor your code and see samples of it in action.
Introducing agent mode for GitHub Copilot in VS Code, announcing the general availability of Copilot Edits, and providing a first look at our SWE agent.
In the latest Visual Studio Code release, you will find a range of GitHub Copilot features designed to make your coding and debugging experience in VS Code more productive and…
We’re thrilled to announce the launch of a new category on GitHub Marketplace: Sustainability. This new category is designed to highlight GitHub Actions and apps that focus on optimizing workflows…
We’re excited to share the latest improvements for Copilot Workspace, including enabling enterprise managed users, auto-validating changes in the workspace, and more. Let’s get started! 🚀 Auto-validation We’ve shipped a…
Open source AI models are in widespread use, enabling developers around the world to build custom AI solutions and host them where they choose.
This month, we’re highlighting two major updates to GitHub Mobile: repository forking and create a pull request! Repository forking Fork repositories directly from your devices, making it easier than ever…
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 & Q3 2024 data for the Innovation Graph.
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.
Learn how to modernize legacy code with GitHub Copilot with real-world examples.
The ability to ask Copilot about Actions job failures is now Generally Available. Simply press “Explain Error” from the pull request merge box or the Actions job page to chat…
GitHub uses GitHub to build GitHub, and our CLI extensions are no exception. Read on to find out how we built the GitHub Skyline CLI extension using GitHub!
Following our opt-in preview last year, we are excited to release sub-issues, issue types and advanced search for issues to everyone! 🎉 Thank you to everyone who opted-in and gave…
Secrets spilled, discovered, and hidden again—Game Off 2024 brought over 500 jaw-dropping submissions that redefined creativity in gaming. From cult quests for free furniture to spellbinding mysteries, these games will have you hooked. Ready to uncover the winners?!?
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.
How Copilot can generate unit tests, refactor code, create documentation, perform multi-file edits, and much more.
Git Commit 2024 and our new AI course in Spanish
We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…
Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.