Search results for: Security

GitHub, the Rust Foundation, and the Rust Project are collaborating to help protect you from leaked crates.io keys. From today, GitHub will scan every commit to a public repository for…

Organizations and enterprises using branch protections may see false-alert flags in their security log for protected_branch.policy_override and protected_branch.rejected_ref_update events between January 6 and January 11, 2023. These events were improperly…

GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.

On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…

Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.

Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.

Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.

What’s new? Starting today, Dependabot will pause automated pull request activity if you haven’t merged, closed, or otherwise interacted with Dependabot for over 90 days. To resume activity when you’re…

Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).

OpenID Connect (OIDC) support in GitHub Actions enables secure cloud deployments using short-lived tokens that are automatically rotated for each deployment. Each OIDC token includes standard claims like the audience,…

Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.

Today, we are announcing public beta of required workflows in GitHub Actions 🎉 Required workflows allow DevOps teams to define and enforce standard CI/CD practices across many source code repositories…

Default setup is a new way to automatically set up code scanning on your repository, without the use of a .yaml file.

Code scanning can now be easily setup with a few button clicks, and without committing a workflow file to the repository. Code scanning’s new default setup feature automatically finds and…

GitHub Advanced Security customers can view an event in their organization or enterprise audit log when an admin enables or disables push protection for a custom pattern at the repository,…

As of last month, GitHub Advanced Security customers can enable push protection for push protection for any custom pattern defined at the repository or organization level. Now, customers can also…

Learn about the design behind, and solutions to, several of GitHub’s CTF challenge for Ekoparty’s 2022 event!

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

Forrester’s Total Economic Impact™ study dives into how GitHub Enterprise Cloud and GitHub Advanced Security help businesses drive ROI, increase developer productivity, and save time on developer onboarding.

GitHub Enterprise has evolved to support the needs of enterprise administrators, corporate security teams, and individual developers who contribute to open source.

Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.