SCA vs SAST: what are they and which one is right for you?
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects.
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects.
Your GitHub repositories with Dependabot alerts enabled and Dependabot security updates enabled will automatically generate Dependabot pull requests for vulnerable npm transitive dependencies. Previously, Dependabot couldn’t generate a security update…
In August, we experienced one incident resulting in significant impact to Codespaces. We’re still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in July.
When the GitHub Copilot Technical Preview launched just over one year ago, we wanted to know one thing: Is this tool helping developers? The GitHub Next team conducted research using a combination of surveys and experiments, which led us to expected and unexpected answers.
Live on September 15, 2022, with talks by industry experts in Spanish, Portuguese, and English, on topics including software development, security, technical project management, community, open source, professional development and best practices.
We’ve been gearing up to launch GitHub Universe 2022 and our community has been launching cool projects left right and center. These projects include everything from world-changing technology to developer…
This fifth and final part of our blog series exploring Git’s internals shows several strategies for scaling your Git repositories that match related database sharding techniques.
Now your team can spend less time managing infrastructure and more time writing code.
Git’s file history queries use specialized algorithms that are tailored to common developer behavior. Level up your history spelunking skills by learning how different history modes behave and which ones to use when you need them.
The default code scanning query suites include checks for the most important security vulnerabilities for each supported language, so that any potential problems can be surfaced to developers before they…
The future of software development does not exist without open source. However, to maintain today’s software and create the software of the future, the largest organizations and beneficiaries of open source need to expand their collaboration with the community and help it grow.
GitHub Enterprise Cloud administrators who have IP allow lists set up for their enterprises, organizations, or GitHub Apps can now check whether an IP address is permitted within the IP…
GitHub Advanced Security customers using secret scanning can now specify a custom link that will show in the error message when push protection detects and blocks a potential secret. Admins…
OpenID Connect (OIDC) support in GitHub Actions is now enhanced to support secure cloud deployments at scale. Org & repo admins can use the new OIDC API support to: enable…
Today we are deprecating the theme picker we introduced in 2012 for GitHub Pages. While this experience allowed users to preview a theme in the user interface, we are doing…
Dependabot alerts users can now add an optional comment when dismissing an alert. These comments (maximum 280 characters) are viewable in the alert timeline and via the new dismissComment field…
We’ve made a series of improvements to the GitHub Connect license sync feature in addition to the “Sync now” button we recently added in GHES: Enterprise administrators can now access…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6.
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.