Dependabot can now perform version updates for the .NET SDK
Dependabot can now keep you up to date with the latest version of the .NET SDK by updating the global.json file in your repository. You can enable updates for the…
Home / You searched for Security / Blog Search
Search results for: Security
Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Software is a team sport: Building the future of software development together
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.
Persistent commit signature verification now in public preview
We’re excited to introduce persistent commit signature verification, a powerful new feature designed to elevate the security and reliability of your repository’s commit history. Starting today, GitHub verifies commit signatures…
The GitHub Enterprise Server 3.15 Release Candidate is available
The GitHub Enterprise Server 3.15 release candidate is here You can now download the GitHub Enterprise Server 3.15 release candidate to try out the new features in this latest version.…
Secret scanning: ability to add an optional comment when reopening alerts
To remediate and triage alerts more effectively, you can now add an optional comment when reopening a secret scanning alert. Comments will appear in the alert timeline. Previously, you could…
Push protection bypass request details are included in the REST API, webhooks, and audit logs for secret scanning alerts
Secret scanning alerts resulting from an approved push protection bypass request will now show relevant details in the alert information surfaced in the REST API, webhooks, and audit logs. This…
Organizations can now enable 2FA requirement without removing non-compliant members [GA]
Enterprises can now broadly roll out two-factor authentication (2FA) to all members of their organization through an enhanced 2FA enrollment experience in GitHub. With this update, non-compliant users will no…
EMU OIDC CAP support is now enhanced to protect web sessions [Public Preview]
If you are using GitHub Enterprise Cloud with EMU and using OpenID Connect (OIDC) SSO, this new feature, currently in public preview, will help enforce IdP-defined IP restrictions to protect…
Game Off 2024 theme announcement
GitHub’s annual month-long game jam, where creativity knows no limits! Throughout November, dive into your favorite game engines, libraries, and programming languages to bring your wildest game ideas to life. Whether you’re a seasoned dev or just getting started, it’s all about having fun and making something awesome!
Celebrating the GitHub Awards 2024 recipients 🎉
The GitHub Awards celebrates the outstanding contributions and achievements in the developer community by honoring individuals, projects, and organizations for creating an outsized positive impact on the community.
New from Universe 2024: Get the latest previews and releases
Find out how we’re evolving GitHub and GitHub Copilot—and get access to the latest previews and GA releases.
Bringing developer choice to Copilot with Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview
At GitHub Universe, we announced Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview and o1-mini are coming to GitHub Copilot—bringing a new level of choice to every developer.
Octoverse: AI leads Python to top language as the number of global developers surges
In this year’s Octoverse report, we study how public and open source activity on GitHub shows how AI is expanding as the global developer community surges in size.
Copilot Autofix now supports partner code scanning tools
Copilot Autofix now supports fix suggestions for problems detected by ESLint, a partner code scanning tool. Autofixes are available both in pull requests and for historical alerts. ESLint is the…
Refine and validate code review suggestions with Copilot Workspace (public preview)
Code reviews and suggestions from colleagues, integrators, and AI agents like Copilot code review and Copilot autofix increase your code’s quality, but at times they can get overwhelming. You can…
GitHub Enterprise Cloud Data Residency in the EU is generally available
Announcing the general availability of GitHub Enterprise Cloud with data residency in the EU Today, GitHub Enterprise Cloud with data residency in the EU is generally available. GitHub Enterprise Cloud…
Secret scanning supports delegated bypass for push protection on file uploads (GA)
Secret scanning now supports delegated bypass controls for repository file uploads from the browser. If delegated bypass is configured for an organization or repository, anyone without bypass permissions will need…
Attacking browser extensions
Learn about browser extension security and secure your extensions with the help of CodeQL.
Secret scanning support for public leak and multi-repository indicators in webhook and audit log events
Public leak and multi-repository indicators are now included in webhook and audit log event payloads for secret scanning alerts. What are public leak and multi-repo labels? To help you triage…
Repository deploy keys are controlled by enterprise and organization policy [GA]
GitHub Enterprise Cloud enterprise and organization administrators can now configure policies to restrict the usage of deploy keys across all the repositories of their organizations, giving you more control and…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
The GitHub Podcast
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.