Dependabot now supports private Cargo registries
Dependabot can now provide updates to Rust dependencies by accessing Cargo private registries. To learn more, check out the documentation for configuring private registries for Dependabot.
We are excited to announce that organizations within an enterprise can now create network configurations independently of their enterprise for Azure private networking. Azure private networking is a powerful feature…
GitHub secret scanning lets you know if your secret is active or inactive with partner validity checks. These checks are run on an ongoing basis for supported providers for any…
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
Secret scanning will now continually run validity checks on closed alerts, similarly to the behavior for open alerts today. You can still request on-demand checks for supported secret types from…
Announcing the second cohort, delivering value to projects, and driving a new frontier.
All organization owners now have access to a Compliance tab within their organization’s settings page. This page has been available for all organizations on the GitHub Enterprise plan, but is now…
The GitHub Enterprise Server 3.13 release candidate is here. GitHub Enterprise Server 3.13 gives customers more fine-grained control over deployment requirements, and enhanced security controls. Here are a few highlights:…
GitHub celebrates Global Accessibility Awareness Day by launching another installment of the Coding Accessibility series and sharing how we scale accessibility within GitHub and beyond.
Git is releasing several new versions to address five CVEs. Upgrading to the latest Git version is essential to protect against these vulnerabilities.
We’re excited to announce that the dependabot-core project is being relicensed under the MIT License, making it easier for the community to contribute to Dependabot. Keeping dependencies updated is a…
Azure private networking was made generally available in April 2024 with 11 available regions. GitHub Actions has expanded the number of supported regions to 17, with the following new additions:…
Secret scanning is expanding coverage for push protection to repository file uploads made via a browser. If push protection is enabled for a repository, secret scanning will now also block…
When uploading a SARIF file that contains multiple SARIF runs for the same tool and category, Code Scanning combines those runs into a single run. Combining multiple runs within the…
Previously, developers who used private registries to host their packages on internal networks could not use Dependabot to update the versions of those packages in their code. With this change,…
A quick guide on the advantages of Dependabot as a GitHub Actions workflow and the benefits this unlocks, including self-hosted runner support.
Create a tamper-proof papertrail for anything you build on Actions. Artifact Attestations lets you sign builds in GitHub Actions, capturing provenance information about the artifact and making it verifiable from…
Audit log events are now created when secret scanning non-provider patterns are enabled or disabled at the repository, organization, or enterprise level. The existing secret_scanning_alert event now includes a secret_type…
Generate and verify signed attestations for anything you make with GitHub Actions.
From mastering prompt engineering to leveraging AI for code security, here’s how you can excel in today’s competitive job market.
For GitHub Advanced Security customers that use secret scanning, you can now specify which teams or roles have the ability to bypass push protection. This feature is in public beta…