GitHub’s Advisory Database now supports listing malware advisories. You can see them by searching “type:malware” on https://github.com/advisories. If you have enabled Dependabot alerts on your repositories, GitHub will send Dependabot…
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
The Dependency Review GitHub Action, which checks if pull requests introduce a dependency with a known vulnerability, now supports configuration based on vulnerability severity and license type. The following configuration…
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.
Today, we’re shipping the ability to select multiple Dependabot alerts to reopen or dismiss from the index page UI. For example, from the Closed alerts tab, you can now select…
How can you robustly assert and identify a user’s identity?
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements.
When you visit the GitHub Advisory Database, you can now search for any historical advisory recognized by the National Vulnerability Database. Previously, we only displayed advisories from our supported ecosystems.…
GitHub Advanced Security customers can now use sort and direction parameters in the GitHub REST API when retrieving secret scanning alerts. API users can sort based on the alert’s created…
We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022.
A personal story about building the feature you want and sharing it with the world.
Custom repository roles are now GA for GitHub.com and Enterprise Server 3.5. Organization admins can create custom repository roles available to all repositories in their organization. Roles can be configured…
In February 2022, we launched a new feature called community contributions to security advisories. We have made a handful of changes to the UX based on your feedback: Fixed the…
The dependency graph now supports detecting Rust (Cargo.{toml,lock}) files. These will be displayed within the dependency graph section in the Insights tab. Users will receive Dependabot alerts and updates for…
CI/CD and workflow automation are native capabilities on GitHub platform. Here’s how to start using them and speed up your workflows.
Dependabot version updates help you keep your dependencies up-to-date by opening pull requests automatically when new versions are available. With this release, you can now more easily enable and configure…
Code scanning flags up potential security vulnerabilities in pull requests — well before code is merged and deployed. Starting today, such alerts will be more visible: they will appear as…
Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you.
Several ways for GitHub-hosted Actions runners to connect to resources on your private network.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
