Search results for: Security

The GitHub Enterprise Server 3.13 release candidate is here GitHub Enterprise Server 3.13 gives customers more fine-grained control over deployment requirements, and enhanced security controls. Here are a few highlights:…

GitHub celebrates Global Accessibility Awareness Day by launching another installment of the Coding Accessibility series and sharing how we scale accessibility within GitHub and beyond.

Git is releasing several new versions to address five CVEs. Upgrading to the latest Git version is essential to protect against these vulnerabilities.

We’re excited to announce that the dependabot-core project is being relicensed under the MIT License, making it easier for the community to contribute to Dependabot. Keeping dependencies updated is a…

Azure private networking was made generally available in April 2024 with 11 available regions. GitHub Actions has expanded the number of supported regions to 17, with the following new additions:…

Secret scanning is expanding coverage for push protection to repository file uploads made via a browser. If push protection is enabled for a repository, secret scanning will now also block…

When uploading a SARIF file that contains multiple SARIF runs for the same tool and category, Code Scanning combines those runs into a single run. Combining multiple runs within the…

Previously, developers who used private registries to host their packages on internal networks could not use Dependabot to update the versions of those packages in their code. With this change,…

A quick guide on the advantages of Dependabot as a GitHub Actions workflow and the benefits this unlocks, including self-hosted runner support.

Create a tamper-proof papertrail for anything you build on Actions Artifact Attestations lets you sign builds in GitHub Actions, capturing provenance information about the artifact and making it verifiable from…

Audit log events are now created when secret scanning non-provider patterns are enabled or disabled at the repository, organization, or enterprise level. The existing secret_scanning_alert event now includes a secret_type…

Generate and verify signed attestations for anything you make with GitHub Actions.

From mastering prompt engineering to leveraging AI for code security, here’s how you can excel in today’s competitive job market.

For GitHub Advanced Security customers that use secret scanning, you can now specify which teams or roles have the ability to bypass push protection. This feature is in public beta…

GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.

The code scanning option for repository rules is now available in public beta. Code scanning users can now create a dedicated code scanning rule to block pull request merges, instead…

This public beta enables developers to use a directories key to list multiple directories for the same ecosystem configuration in the dependabot.yml file. Previously, developers with multiple package manifests for…

We’re redefining the developer environment with GitHub Copilot Workspace – where any developer can go from idea, to code, to software all in natural language.

Learn how GitHub’s Enterprise Cloud, GitHub Actions, and Arm’s latest Automotive Enhanced processors, work together to usher in a new era of efficient, scalable, and flexible automotive software creation.

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.17.1 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.