Search results for: Security
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
GitHub Actions: Workflows triggered by Dependabot receive dependabot secrets
GitHub Actions: Workflows triggered by Dependabot receive dependabot secrets
![](https://github.blog/wp-content/uploads/2021/11/devops-tips_social.png?resize=400%2C212)
5 DevOps tips to speed up your developer workflow
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows.
![](https://github.blog/wp-content/uploads/2019/03/product-social.png?resize=400%2C212)
GitHub Actions: reusable workflows is generally available
DRY your Actions configuration with reusable workflows (and more!)
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
GitHub Actions: Secure cloud deployments with OpenID Connect is now GA
The OpenID Connect (OIDC) support for secure cloud deployments with GitHub Actions is now generally available.You can configure your workflows to request short-lived access tokens that are automatically rotated for…
![](https://github.blog/wp-content/uploads/2019/03/product-social.png?resize=400%2C212)
Secure deployments with OpenID Connect & GitHub Actions now generally available
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
![](https://github.blog/wp-content/uploads/2019/09/security-1200-630.png?resize=400%2C212)
Blue-teaming for Exiv2: how to squash bugs by enrolling in OSS-Fuzz
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
Display help text for your custom CodeQL queries in code scanning
The latest release of the CodeQL CLI supports including markdown-rendered query help in SARIF files so that the help text can be viewed in the code scanning UI. This functionality…
![](https://github.blog/wp-content/uploads/2021/10/GitHub-Universe-2021-social-card.jpeg?resize=400%2C212)
In case you missed it, GitHub Education at Universe 2021!
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience.
![](https://github.blog/wp-content/uploads/2021/07/Changelog-for-social.png?resize=400%2C212)
What’s new from GitHub Changelog? October 2021 recap
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
![](https://github.blog/wp-content/uploads/2019/03/product-social.png?resize=400%2C212)
7 advanced workflow automation features with GitHub Actions
Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account.
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
Debugging CodeQL code scanning made easier by retaining diagnostic artifacts in Actions
Debugging CodeQL code scanning made easier by retaining diagnostic artifacts in Actions
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
GitHub Enterprise Cloud self-service compliance reports for 2021 are now available
GitHub Enterprise Cloud self-service compliance reports for 2021 are now available
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
Deprecating non-audit-related advisory fetch endpoints for the npmjs.com registry API
Deprecating non-audit-related advisory fetch endpoints for the npmjs.com registry API
![](https://github.blog/wp-content/uploads/2019/09/security-1200-630.png?resize=400%2C212)
Blue-teaming for Exiv2: adding custom CodeQL queries to code scanning
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
CodeQL code scanning now recognizes more Java and JavaScript libraries and frameworks
CodeQL code scanning now recognizes more Java and JavaScript libraries and frameworks
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
Track code scanning alerts in GitHub Issues using task lists (beta)
Track code scanning alerts in GitHub issues using task lists
![An illustration of two octocats repairing a robot.](https://github.blog/wp-content/themes/github-2021/assets/img/fallbacks/archive-hero-1.png)
The GitHub Enterprise Server 3.3 Release Candidate is available
The GitHub Enterprise Server 3.3 Release Candidate is available
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
GitHub Universe 2024
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.