Search results for: Security

Custom repository roles are now GA for GitHub.com and Enterprise Server 3.5. Organization admins can create custom repository roles available to all repositories in their organization. Roles can be configured…

In February 2022, we launched a new feature called community contributions to security advisories. We have made a handful of changes to the UX based on your feedback: Fixed the…

The dependency graph now supports detecting Rust (Cargo.{toml,lock}) files. These will be displayed within the dependency graph section in the Insights tab. Users will receive Dependabot alerts and updates for…

CI/CD and workflow automation are native capabilities on GitHub platform. Here’s how to start using them and speed up your workflows.

Dependabot version updates help you keep your dependencies up-to-date by opening pull requests automatically when new versions are available. With this release, you can now more easily enable and configure…

Code scanning flags up potential security vulnerabilities in pull requests — well before code is merged and deployed. Starting today, such alerts will be more visible: they will appear as…

Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you.

Several ways for GitHub-hosted Actions runners to connect to resources on your private network.

GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities.

You can now download the latest version of GitHub Enterprise Server. This new release introduces GitHub Container registry and continues the strong emphasis on security. Your teams will be able…

GitHub will now verify Git commit signatures and show commits as “Verified” even if their public GPG signing keys are expired or revoked (but not compromised). You can also upload…

GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.

A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.

The enterprise and organization level audit logs now record an event when a secret scanning alert is created, closed, or reopened. This data helps GitHub Advanced Security customers understand actions…

Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…

With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.

The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization.

Dependabot alerts now show all affected files if your repository code is calling known vulnerable functions from the dependency’s vulnerability. Previously, we only highlighted one of these matches on an…

Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now. For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/”your-enterprise”/settings/compliance. For…

GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.

GitHub Advanced Security customers can now see an overview of Dependabot alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an…