Search results for: Security

OpenID Connect (OIDC) support in GitHub Actions enables secure cloud deployments using short-lived tokens that are automatically rotated for each deployment. You can now use the enhanced OIDC support to…

You can now retrieve all your Dependabot alerts at the GitHub organization level via the REST API. This new API endpoint supplements the recently introduced Dependabot alerts REST API and…

Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens.

GitHub will regularly run a historical scan to detect newly added secret types on repositories with GitHub Advanced Security and secret scanning enabled. Previously, customers could manually trigger a historical…

GitHub is sponsoring Open Source Initiative’s Deep Dive: AI because we think it’s important for the community to unpack how open source software, process, and principles can help best deliver on the promise of AI.

Explore 80+ content sessions delivered by over 120 different speakers, across two days and four content tracks, all designed to level up your skills.

Developers can now view GitHub code scanning findings directly in VS Code and GitHub Codespaces. The new Microsoft SARIF Viewer extension gives developers direct access to their code scanning results, making remediating vulnerabilities easier than ever.

If you are an owner of an enterprise with GitHub Advanced Security, you can now enable secret scanning and push protection across your entire enterprise with only 1 click. This…

Dart developers will now receive Dependabot alerts for known vulnerabilities on their pubspec dependencies. The dependency graph supports detecting pubspec.lock and pubspec.yaml files. Dependencies from these files will be displayed…

In September, we experienced one incident that resulted in degraded performance across GitHub services. We also experienced one incident resulting in significant impact to Codespaces. We are still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in August and an incident that impacted Actions in August.

GitHub Universe is back and more robust than ever, with two great ways to engage with everything this global developer event has to offer.

Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.38.

GitHub’s audit log allows admins to quickly review the actions performed by members of their Enterprise. It includes details such as who performed the action, what the action was, and…

We’ve been responding to your feedback – here’s a recap of some changes recently made to Dependabot alerts. Dependabot Alerts details pages now auto-magically refresh after PR generation attempts are…

Access to the open internet is essential to defending human rights, and developers have an important role in promoting freedom of expression and transparency. GitHub is committed to keeping Iranians connected to the global developer community.

GitHub Advanced Security customers can now view a timeline of actions taken on a secret scanning alert, including when a contributor bypassed the push protection on a secret. Users can…

In February 2022, we launched a new feature called community contributions to security advisories. We’ve continued to iterate on this feature, and recently released more improvements: You’re now prompted to…

Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

You can now programmatically view and act on Dependabot alerts via the REST API. New endpoints to view, list, and update Dependabot alerts are available in a public beta. For…

We’re launching GitHub for Startups to give your startup the tools needed to go from idea to unicorn status on the world’s largest developer platform.