Self-hosted runner network communication requirements GitHub has introduced fully qualified and wildcard domains into a new actions_inbound section within the meta API. This enhancement provides customers with a streamlined way…
CodeQL is the static analysis engine behind GitHub code scanning, which identifies and remediates security issues in your code. We’ve recently released CodeQL 2.21.2, which now supports Swift 6.1. With…
GitHub takes the Global Accessibility Awareness Day (GAAD) pledge.
Delegated alert dismissal, released in March 2025, allows you to require a review process before secret scanning alerts are dismissed. Secret Protection customers can now manage and review their dismissal…
GitHub Enterprise Cloud with data residency in the US is now generally available, allowing GitHub Enterprise Cloud customers greater flexibility in choosing where their code and repository data are stored.…
Curious about how AI models perform in real-world scenarios with GitHub Copilot? Same. We made a live video demo to find out, and wrote up our key takeaways.
SKU-level budgets are now available for all metered GitHub products. Administrators and billing managers can now set budgets for specific SKUs within a product. This gives you greater flexibility and…
Three maintainers share their tips for gracefully sunsetting open source projects.
GitHub’s dependency graph builds a tree of information about the packages your repository’s code depends on. This capability powers SBOM generation, Dependabot security updates, and more. There are three ways…
We’ve created a new section in the code scanning alerts page called Development that tracks critical information for alerts such as affected branches, fixes, and associated pull requests. This helps…
A warning is now displayed when a file’s contents include hidden Unicode text on github.com. Such text can be interpreted differently than it appears in a user interface. For example,…
Collaboration is crucial to successful software delivery. Let’s dive into how AI can help your development teams decrease their time to delivery, and foster better communication and collaboration using GitHub Copilot.
We previously announced that GitHub tasklists will be retired on April 30th. At this point, the ability to reference code scanning alerts from tasklists will be deprecated as well. This…
You can now revoke an exposed GitHub personal access token (PAT) you found outside of repositories, even if it’s not yours, to help quickly limit the impact of the exposure…
To improve reliability and reduce review assignment conflicts, we’re removing the Dependabot reviewers configuration option on Tuesday, May 20, 2025. We’re retiring this dependabot.yml configuration option because the functionality overlaps…
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
See how you can use GitHub Copilot to build an API.
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released version 2.21.1 of CodeQL. Here’s what’s new and…
Dependabot users can now schedule custom update frequencies by using cron expressions in schedule.interval in the Dependabot configuration file. This enhances the predefined intervals (daily, weekly, and monthly) and provides…
With delegated alert dismissal for secret scaning alerts, you can require a review process before alerts are dismissed. This helps you better manage your security risk as well as meet…
Copilot Chat on github.com now supports organization custom instructions! This feature allows Copilot Enterprise customers to set default instructions for all users in their organization, ensuring a consistent experience across…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
