How empowering developers helps teams ship secure software faster
AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals.
Administrators, or enterprise owners, have the increased responsibility of managing their account and keeping it secure. We are excited to introduce what is new with enterprise accounts and what is coming soon.
GitHub organizations can now use the code scanning organization-level API endpoint to retrieve code scanning alerts on public repositories; this no longer requires a GitHub Advanced Security license. This new…
GitHub’s audit log allows organization and enterprise admins to quickly review the actions performed by members of their organization or enterprise. For Dependabot alerts, the audit log includes actions such…
Starting today, GitHub code scanning includes beta support for analyzing code written in Kotlin, powered by the CodeQL engine. Kotlin is a key programming language used in the creation of…
Dependabot expands its existing Hex private registry support beyond Hex organizations by adding support for self-hosted Hex repositories. You can configure your self-hosted Hex package repository as a private registry…
As we prepare for next year’s 2FA requirement for active contributors on GitHub, we’re making improvements to our two-factor setup UI to encourage best practices and ensure new 2FA users…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
How is open source changing the world and impacting businesses? In this year’s Octoverse report, we identified three big trends to watch.
GitHub Enterprise Cloud administrators can now download and view the latest GitHub SOC 1, Type 2 and SOC 2, Type 2 compliance reports for 2022. To learn more, please review…
Dependabot version updates now proactively update Docker image tags in Kubernetes manifests. When specifying the Docker ecosystem in dependabot.yml, include an entry for each directory where a Kubernetes manifest which…
You can now review and manage your browser and GitHub Mobile sessions using the new Sessions tab in your user settings. This new tab includes all of your signed-in web…
The dependency review API is now generally available. The Dependency Review GitHub Action now allows you to reference a local or external configuration file. There are also new configuration options:…
GitHub Actions Importer helps you forecast, plan, and facilitate migrations from your current CI/CD tool to GitHub Actions.
We’re giving GitHub users 60 free hours each month on Codespaces. Learn what else we shipped for Codespaces at Universe this year.
Cross-repo code navigation is now available for all Python repositories. When showing the definition of a function or method, we now include definitions from other repositories, and from the Python…
Open source maintainers can now opt in to private vulnerability reporting, a dedicated communications channel where the community can disclose security issues directly to you on GitHub. You can see reports…
Last year, we launched Ruby analysis support in beta for GitHub code scanning. Today, we’re announcing the general availability of this feature — covering even more vulnerabilities in Ruby code.…
See what we’re building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.
Here’s how nonprofits and the social sector are using open source to drive social good.