Search results for: Security

Learn how you can structure your enterprise to get the most value out of GitHub and provide the best experience for your developers!

Learn about how we build containerized services that power microservices on the GitHub.com platform and many internal tools.

Dependabot can now open pull requests to update your Swift dependencies. In June, support for Swift advisories in the Advisory Database and Dependabot alerts was released. Dependabot will now be…

As part of the two-factor authentication requirement program on GitHub.com, the People pages of enterprises and organizations have been updated to include the 2FA requirement status of members and collaborators.…

Organization owners and security managers can now view metrics associated with push protection usage across their organization. The overview shows a summary of how many pushes containing secrets have been…

Code scanning default setup is now available for Swift analysis with CodeQL! Default setup now supports all CodeQL supported languages at the repository level. This includes JavaScript/TypeScript, Ruby, Python, Go,…

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.

GitHub switched to performing merges and rebases using merge-ort. Come behind the scenes to see why and how we made this change.

CodeQL is the analysis engine that powers GitHub code scanning for over 100,000 repositories. We continuously improve our analysis capabilities, language support and performance to help open source developers and…

We’re launching the GitHub Copilot Trust Center to provide transparency about how GitHub Copilot works and help organizations innovate responsibly with generative AI.

Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.

You now have the option to select either the “Extended” or “Default” query suite when setting up code scanning with default setup for eligible repositories within your organization. Code scanning’s…

All GitHub Copilot for Business users now have access to a limited GitHub Copilot Chat beta, bringing the power of conversational coding right to the IDE.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Codespaces is updating the domain used for forwarded ports Starting in August, Codespaces will be updating web client port forwarding to improve security, reliability, and performance for users. As part…

When new token types are added to secret scanning, GitHub Advanced Security customers using secret scanning can view any matching secrets exposed historically in an issue’s title, description or comments…

GitHub Actions – OpenId Connect (OIDC) integration with AWS is now optimized to avoid pinning any intermediary certificate thumbprints. While configuring GitHub as an OIDC IdP (ID Provider), AWS now…

In April, we announced that GitHub Enterprise Cloud customers could join a public beta for streaming API request events as part of their enterprise audit log. As part of that…

Have your say to protect open source in the EU.

Passkeys are a replacement for passwords when signing in, providing higher security, ease-of-use, and loss-protection. They’re now available on GitHub.com as a public beta – see this blog post for…

Passkeys are now available in public beta. Opting in lets you upgrade security keys to passkeys, and use those in place of both your password and your 2FA method.