Search results for: Security

GitHub provides Enterprise customers with the ability to programmatically retrieve enterprise and organization audit log events in near real-time using the audit log API. A high-quality audit log is an…

Dependabot version updates helps you keep your dependencies up-to-date by opening pull requests when dependencies can be upgraded. With today’s release, you can now group version updates by dependency name.…

During two-factor authentication and when entering sudo mode for sensitive actions on GitHub.com, TOTP codes could be successfully used multiple times within their validity window. To improve security, this reuse…

GitHub Enterprise Server 3.9 is now generally available. Organizations can now take advantage of more features that enable deeper collaboration, greater observability and faster workflows.

Enterprise users will now notice added functionality where Dependabot security and version updates may be paused for repositories. If you are an enterprise user that uses Dependabot updates and there…

Code scanning default setup is now available for all CodeQL supported languages, excluding Swift. This includes supporting JavaScript/TypeScript, Ruby, Python, Go, Java/Kotlin, C/C++, and C# at the repository level. We…

The Enterprise and Organization audit log UI and user security logs UI now include an expandable view that displays the full audit log payload of each event. Customers can now…

We have received customers reporting errors with Actions’ OIDC integration with AWS. This happens for customers who are pinned to a single intermediary thumbprint from the Certificate Authority (CA) of…

Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.

Code scanning default setup now automatically updates when the languages in a repository change. If a repository that uses default setup changes to include the languages JavaScript/TypeScript, Ruby, Python, or…

Today we are announcing the general availability of code scanning default setup enablement at the organization level. You can use code scanning default setup to enable CodeQL analysis for pull…

In late 2022 we launched a private beta of innersource restricted users allowing customers with enterprise managed users (EMU) to assign an IdP-defined role to users who should not be…

Explore the impact of non-code contributions—and why they are often undervalued, the challenges of using open source in regulated environments, and the art of managing projects at the scale of Kubernetes, now on The ReadME Podcast.

Suppressed notifications for Dependabot alerts at enablement time At first time enablement, Dependabot will no longer send web or email notifications that summarize when a repository is populated with Dependabot…

Sometimes, due to misconfiguration or incompatible versions, Dependabot jobs for a repository will fail and Dependabot will continue to run and continue to fail. Now, after 30 failed runs, Dependabot…

You can now easily find all alerts associated with a specific language with the new language filter on the code scanning alerts page. To show all the code scanning alerts…

Starting today, you will now receive Dependabot alerts for vulnerabilities associated with your Swift dependencies. The GitHub Advisory Database now includes curated Swift advisories. This brings the Advisory Database to…

For securely enabling OpenID Connect (OIDC) in your reusable workflows, we are now making the permissions more restrictive. If you need to fetch an OIDC token generated within a reusable…

Code scanning now has the option to enable default setup for a subset of languages in a repository. This lets you customize the configuration to suit your repository’s needs, for…

Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.

We surveyed 500 U.S.-based developers at companies with 1,000-plus employees about how managers should consider developer productivity, collaboration, and AI coding tools.