Open source maintainers can now opt-in to private vulnerability reporting, a dedicated communications channel where the community can disclose security issues directly to you on GitHub. You can see reports…
Last year, we launched Ruby analysis support in beta for GitHub code scanning. Today, we’re announcing the general availability of this feature — covering even more vulnerabilities in Ruby code.…
See what we’re building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.
Here’s how nonprofits and the social sector are using open source to drive social good.
In 2022, governments and the policy community spent a lot of time thinking about open source. Here’s what that means and why it matters.
By our estimation at GitHub, over 30% of Fortune 100 companies have now implemented OSPOs. Here’s what that means for open source.
We know that companies benefit from open source. That’s why we’re making it easier for companies to financially support projects.
GitHub Enterprise Server 3.7 is now generally available. This release continues our trend of bringing new features to GitHub Enterprise Server (GHES) in record numbers. Beyond the numbers, the features…
GitHub Enterprise Server 3.7 is available now, including a single view of code risk, new forking and repository policies, and security enhancements to the management console.
Dependabot helps you keep your dependencies up-to-date with Dependabot version updates. These pull requests are configured via a dependabot.yml file. Starting today, if you fork a repository with an existing…
GitHub Advanced Security customers using secret scanning can now specify a custom link via the organization level REST API that will show in the message when push protection detects and…
This post is the second part in a series about ActiveRecord::Encryption that shows how GitHub upgrades previously encrypted and unencrypted columns to ActiveRecord::Encryption.
CodeQL comes with a built-in package manager that helps you share and manage custom queries. Last year, we announced the public beta of CodeQL packaging — including direct integration into…
You can now retrieve all your Dependabot alerts at the GitHub enterprise level via the REST API. This new API endpoint supplements the recently introduced Dependabot alerts REST API, Dependabot…
GitHub Actions workflows often specify the version of an action using the commit SHA. Since commit SHAs are immutable, this ensures that Actions always picks the same version. Commit SHAs,…
Some seriously spooktacular open source games for the web, Windows, macOS, and Linux with all sorts of fun hacks for infinite lives, invulnerability, and playing with time.
You can now build your agenda on GitHubUniverse.com! Whether you’re just getting started or you’re a seasoned industry professional, there’s a session for you.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
Explore how GitHub Enterprise can help you transform your software engineering organization and practices.
You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard.
CodeQL now officially supports customizing the build configuration for Go analysis in the Actions workflow file. This aligns the Go configuration experience with the C/C++, C#, and Java analysis. The…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
