Search results for: Security

You can now reopen dismissed Dependabot alerts through the UI page for a closed alert. This update will not affect Dependabot pull requests or the GraphQL API. For more information,…

In February, we experienced one incident resulting in significant impact to multiple GitHub services.

As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.

GitHub code scanning supports a wide variety of code analysis engines through GitHub Actions workflows — including our own CodeQL engine. Users can now discover and configure Actions workflow templates…

Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.

Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.

The GitHub Enterprise Server 3.4 Release Candidate is available. This release brings over 60 new features including reusable workflows for GitHub Actions, Ruby support for GitHub Advanced Security Code Scanning,…

GitHub Advanced Security customers can now enable secret scanning for their archived repositories via the UI and API. For more information: About secret scanning About archived repositories

Practical tips on how to apply OWASP Top 10 Proactive Control C4.

GitHub Enterprise Server 3.4 is now generally available for all customers. This release makes software development faster and more secure with new features like reusable workflows, Dependabot security updates, and GitHub Advanced Security enhancements.

GitHub Advanced Security customers can now dry run custom secret scanning patterns at the repository level. Dry runs allow admins to review and hone their patterns before publishing them and…

A comprehensive guide for vulnerability reporters.

Today, we’re shipping improvements to Dependabot alerts that help you more easily understand and remediate vulnerabilities from dependencies in your codebase. Persisted Dependabot alerts Developers can now view alerts that…

GitHub Advanced Security customers can now view all their Dependabot alerts in the organization security tab. This view is available to organization owners and members of teams with the security…

Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate.

Users can now retrieve all their code scanning alerts at the GitHub organization level via the REST API. This new API endpoint supplements the existing repository level endpoint. This API…

Here’s January’s top staff picks on projects that shipped major version releases.

A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it.

The dependency graph now supports detecting GitHub Actions workflow YAML files. These will be displayed within the dependency graph section in the Insights tab. Repositories that publish actions will also…

The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!

In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.