A new DependabotUpdate GraphQL object connects the relevant repository’s Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot generated pull request or error. query($repo_owner:String!, $repo_name:String!) { repository(owner: $repo_owner, name: $repo_name)…
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
A new GitHub Action enforces dependency reviews on PRs by scanning for dependencies and warning you about any associated security vulnerabilities. This is supported by a new API endpoint that…
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
GitHub Advanced Security customers using secret scanning can now opt to receive a webhook each time a secret is detected in a new location. The secret_scanning_alert_location webhook event includes location…
Users of Dependabot version updates can now proactively update their dependencies for Flutter or Dart projects which use the pub package manager. To test version updates on your own Dart…
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.
The CodeQL runner has been deprecated in favor of the CodeQL CLI. As previously announced, starting March 14th, the CodeQL bundle now no longer includes the CodeQL runner. This deprecation…
Currently, forwarded ports within codespaces can be set to private in which case they can be accessed only by the owner of the codespace, be shared with members of the…
Organizations with GitHub Advanced Security can now prevent secret leaks with secret scanning’s new push protection feature. For repositories with push protection enabled, GitHub will block any pushes where a…
The code scanning alert page now shows the analysis origin for an alert. Code scanning alerts can originate from different analysis configurations on a repository. These may be using different…
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
You can now enforce consistent usage of self-hosted runner groups across your organization and enterprise.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets we help protect users from data leaks and fraud associated with…
Our community has shipped lots of open source project updates in the last month. Here’s a few of our staff picks.
The code scanning alert page now always shows the alert status and information for the default branch. There is a new ‘Affected branches’ panel in the sidebar to see the…
We are excited to announce that the newest version of GitHub Enterprise Server is now available. This update includes enhancements to make developing software even easier for everyone with a…
GitHub changed which keys are supported in SSH and removed the unencrypted Git protocol. You can read more about the motivation behind these changes in our blog post from last…
We’ve introduced several new features to help enterprise owners more easily manage their accounts, including two features now in public beta.
You can now reopen dismissed Dependabot alerts through the UI page for a closed alert. This update will not affect Dependabot pull requests or the GraphQL API. For more information,…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
