Search results for: Security

GitHub switched to performing merges and rebases using merge-ort. Come behind the scenes to see why and how we made this change.

CodeQL is the analysis engine that powers GitHub code scanning for over 100,000 repositories. We continuously improve our analysis capabilities, language support and performance to help open source developers and…

We’re launching the GitHub Copilot Trust Center to provide transparency about how GitHub Copilot works and help organizations innovate responsibly with generative AI.

Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.

You now have the option to select either the “Extended” or “Default” query suite when setting up code scanning with default setup for eligible repositories within your organization. Code scanning’s…

All GitHub Copilot for Business users now have access to a limited GitHub Copilot Chat beta, bringing the power of conversational coding right to the IDE.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Codespaces is updating the domain used for forwarded ports Starting in August, Codespaces will be updating web client port forwarding to improve security, reliability, and performance for users. As part…

When new token types are added to secret scanning, GitHub Advanced Security customers using secret scanning can view any matching secrets exposed historically in an issue’s title, description or comments…

GitHub Actions – OpenId Connect (OIDC) integration with AWS is now optimized to avoid pinning any intermediary certificate thumbprints. While configuring GitHub as an OIDC IdP (ID Provider), AWS now…

In April, we announced that GitHub Enterprise Cloud customers could join a public beta for streaming API request events as part of their enterprise audit log. As part of that…

Have your say to protect open source in the EU.

Passkeys are a replacement for passwords when signing in, providing higher security, ease-of-use, and loss-protection. They’re now available on GitHub.com as a public beta – see this blog post for…

Passkeys are now available in public beta. Opting in lets you upgrade security keys to passkeys, and use those in place of both your password and your 2FA method.

When analyzing a Python project with code scanning using CodeQL through advanced setup, we would try to automatically install dependencies for the project. Over the past months and years, we’ve…

Level up your use of GitHub Projects on the command line and in GitHub Actions with the new project CLI command.

Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.

We have added over 17.5 million new package licenses to our database, expanding the license coverage for packages that appear in dependency graph, dependency insights, dependency review, and a repository’s…

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

The 2023 updates to our ISO/IEC 27001:2013 certificate can be downloaded now. In addition, we have completed the processes for ISO/IEC 27701:2019 (PII Processor), ISO/IEC 27018:2019, and CSA STAR certifications.…

GitHub’s Information Security and Privacy Management System (ISPMS) has been certified against ISO/IEC 27701:2019 (PII Processor) and 27018:2019 standards, as well as the Cloud Controls Matrix (CCM). These standards and frameworks are internationally recognized for security and privacy program best practices.