CodeQL 2.16.2: New Android queries and improved precision
CodeQL 2.16.2 is now available to users of GitHub code scanning on github.com, and all new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older…
CodeQL 2.16.2 is now available to users of GitHub code scanning on github.com, and all new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older…
Secret scanning is extending validity check support to Mailgun (mailgun_api_key) and Mailchimp (mailchimp_api_key) API keys. Validity checks indicate if the leaked credentials are active and could still be exploited. If…
The GitHub Enterprise Server 3.12 release candidate is here GitHub Enterprise Server 3.12 gives customers more fine-grained control over deployment requirements, enhanced security controls, and some . Here are a…
Developers with free accounts on GitHub could enable secret scanning’s push protection at the user level since last August. This automatically protects you from accidentally committing secrets to public repositories,…
If you use private hosted pub repositories or registries to manage your Dart dependencies, Dependabot can now automatically update those dependencies. By adding the details of the private repository or…
The npm engineering team recently transitioned to using GitHub Codespaces for local development for npm registry services. This shift to Codespaces has substantially reduced the friction of our inner development loop and boosted developer productivity.
Funding AI advancements in the open, and opening applications for second Accelerator cohort.
The secret_scanning_alert webhook is sent for activity related to secret scanning alerts. Secret scanning webhooks now support validity checks, so you can keep track of changes to validity status. Changes…
We’re excited to announce an important upgrade to the Codespaces connection infrastructure. Our team has been working to enhance the security, reliability, and overall performance of both the main connection…
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
Secret scanning is extending validity check support to several additional token types. Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled…
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.
Code scanning can now be enabled on repositories even if they don’t contain any code written in the languages currently supported by CodeQL. Default setup will automatically trigger the first…
CodeQL 2.16.1 is now available to users of GitHub code scanning on github.com, and all new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older…
Consider deploying the GitHub Action: Evergreen so that you know each of your repositories are leveraging active dependency management with Dependabot.
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
If you use devcontainer.json files to define your development containers, you will now be able to use Dependabot version updates to keep your Features up-to-date. Once configured in dependabot.yml, Dependabot…
CodeQL 2.16.0 is now available to users of GitHub code scanning on github.com, and all new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older…
GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys.
On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. CodeQL Action v2 will be deprecated at the same time as GHES 3.11, which…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.