Code Scanning will stop combining runs from a single upload
When uploading a SARIF file that contains multiple SARIF runs for the same tool and category, Code Scanning combines those runs into a single run. Combining multiple runs within the…
Previously, developers who used private registries to host their packages on internal networks could not use Dependabot to update the versions of those packages in their code. With this change,…
A quick guide on the advantages of Dependabot as a GitHub Actions workflow and the benefits this unlocks, including self-hosted runner support.
Create a tamper-proof papertrail for anything you build on Actions
Artifact Attestations lets you sign builds in GitHub Actions, capturing provenance information about the artifact and making it verifiable from…
Audit log events are now created when secret scanning non-provider patterns are enabled or disabled at the repository, organization, or enterprise level. The existing secret_scanning_alert event now includes a secret_type…
Generate and verify signed attestations for anything you make with GitHub Actions.
From mastering prompt engineering to leveraging AI for code security, here’s how you can excel in today’s competitive job market.
For GitHub Advanced Security customers that use secret scanning, you can now specify which teams or roles have the ability to bypass push protection. This feature is in public beta…
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.
The code scanning option for repository rules is now available in public beta. Code scanning users can now create a dedicated code scanning rule to block pull request merges, instead…
This public beta enables developers to use a directories key to list multiple directories for the same ecosystem configuration in the dependabot.yml file. Previously, developers with multiple package manifests for…
We’re redefining the developer environment with GitHub Copilot Workspace – where any developer can go from idea, to code, to software all in natural language.
Learn how GitHub’s Enterprise Cloud, GitHub Actions, and Arm’s latest Automotive Enhanced processors, work together to usher in a new era of efficient, scalable, and flexible automotive software creation.
CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.17.1 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
Starting today, developers using GitHub Enterprise Cloud (GHEC) and Free, Pro, and Teams accounts can enable their repositories and/or organizations to run Dependabot updates as an Actions workflow. With this…
We’re asking for feedback on a proposed Acceptable Use Policy update to address the use of synthetic and manipulated media tools for non-consensual intimate imagery and disinformation while protecting valuable research.
The CodeQL for Visual Studio Code documentation is now on docs.github.com. This migrates the content from https://codeql.github.com/docs/codeql-for-visual-studio-code and provides a consistent, single-site experience with improved text, descriptions, images, and navigation.…
You can now add organisation-level CodeQL model packs to improve code scanning coverage for your GitHub organization. This ensures that custom libraries and frameworks are recognised by CodeQL. In most…
Secret scanning has recently expanded coverage to GitHub discussions and pull requests. GitHub is now performing a backfill scan, which will detect any historically existing secrets found in GitHub discussions…