Search results for: Security

We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements.

When you visit the GitHub Advisory Database, you can now search for any historical advisory recognized by the National Vulnerability Database. Previously, we only displayed advisories from our supported ecosystems.…

GitHub Advanced Security customers can now use sort and direction parameters in the GitHub REST API when retrieving secret scanning alerts. API users can sort based on the alert’s created…

We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022.

A personal story about building the feature you want and sharing it with the world.

Custom repository roles are now GA for GitHub.com and Enterprise Server 3.5. Organization admins can create custom repository roles available to all repositories in their organization. Roles can be configured…

In February 2022, we launched a new feature called community contributions to security advisories. We have made a handful of changes to the UX based on your feedback: Fixed the…

The dependency graph now supports detecting Rust (Cargo.{toml,lock}) files. These will be displayed within the dependency graph section in the Insights tab. Users will receive Dependabot alerts and updates for…

CI/CD and workflow automation are native capabilities on GitHub platform. Here’s how to start using them and speed up your workflows.

Dependabot version updates help you keep your dependencies up-to-date by opening pull requests automatically when new versions are available. With this release, you can now more easily enable and configure…

Code scanning flags up potential security vulnerabilities in pull requests — well before code is merged and deployed. Starting today, such alerts will be more visible: they will appear as…

Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you.

Several ways for GitHub-hosted Actions runners to connect to resources on your private network.

GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities.

You can now download the latest version of GitHub Enterprise Server. This new release introduces GitHub Container registry and continues the strong emphasis on security. Your teams will be able…

GitHub will now verify Git commit signatures and show commits as "Verified" even if their public GPG signing keys are expired or revoked (but not compromised). You can also upload…

GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.

A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.

The enterprise and organization level audit logs now record an event when a secret scanning alert is created, closed, or reopened. This data helps GitHub Advanced Security customers understand actions…

Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…

With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.