Rootly is now a GitHub secret scanning partner
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
GitHub Advanced Security customers can now enable validity checks for supported partner patterns in their repository, organization, or enterprise level code security settings. When you enable the checkbox in your…
GitHub today announced public beta support for custom deployment protection rules for safely rolling out deployments using GitHub Actions. Custom deployment protection rules are powered by GitHub Apps and can…
Create and share your own deployment protection rules, or use the rules from our great partners, like Datadog, Honeycomb, New Relic, NodeSource, Sentry, and ServiceNow, to control your deployments with more confidence. And the API is open for the community to build their own rules to make GitHub Enterprise Cloud even better.
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities.
How to verifiably link npm packages to their source repository and build instructions.
You can now use the REST API to open a private vulnerability report on open-source repositories that have this feature enabled. Learn more about the repository security advisories REST API.
GitHub is proud to join 40 companies endorsing the Cybersecurity Tech Accord principles limiting offensive operations in cyberspace.
We’ve gotten great feedback on default setup, a simple way to set up code scanning on your repository. Now, you have the ability to use default setup across your organization’s repositories, in just one click.
Explore how migrating your source code and collaboration history to GitHub can lead to some surprising benefits.
Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know.
When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this…
You can now filter by repository topic or team on the enterprise-level Dependabot, code scanning, and secret scanning pages in security overview. These improvements have shipped to GitHub.com and will…
You can now fetch release notes, changelogs and commit history for Docker update pull requests with Dependabot. This will allow you to quickly evaluate the stability risk of the dependency…
How GitHub Enterprise ensures secure and compliant developer workflows for highly regulated industries.
GitHub Advanced Security customers using secret scanning can now view any secrets exposed historically in an issue’s title, description, or comments within the UI or the REST API. This expanded…
Following our recent release of generating a software bill of materials from the repository’s dependency graph, you can now generate an SBOM for a repository using a new REST API…
Code scanning default setup is now available for Go! Default setup automatically finds and sets up the best CodeQL configuration for your repository. It detects the languages in the repository…
Users with access to secret scanning alerts can now view metadata for any active GitHub token leaked in their repositories. Metadata includes details like the token’s owner, expiration date, and…
Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.