Search results for: Security

Code scanning: deprecation of CodeQL Action v1

Git.io deprecation

Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.

From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.

We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.

Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36.

JD Cloud is now a GitHub secret scanning partner

Dependabot alerts show vulnerable function calls (Python Beta)

Secret scanning detects and revokes leaked passwords

Secret scanning: Dry runs for organization-level custom patterns

Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.

Learn how to build packages with SLSA 3 provenance using GitHub Actions.

Secret scanning custom pattern events now in the audit log

Dependabot Alert API adds relevant update info to the schema

The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.

GitHub Action for dependency review enforcement

We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.

Secret scanning webhooks for alert locations

`pub` beta support for Dependabot version updates

From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.

CodeQL runner is now deprecated