Search results for: Security

Explore how GitHub Enterprise can help you transform your software engineering organization and practices.

You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard.

CodeQL now officially supports customizing the build configuration for Go analysis in the Actions workflow file. This aligns the Go configuration experience with the C/C++, C#, and Java analysis. The…

The GitHub Enterprise Server 3.7 release candidate is here GitHub Enterprise Server 3.7 brings new capabilities to help companies build and deliver secure software, more quickly. With over 70 new…

The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.

Dependabot now supports updates to Python dependencies for pyproject.toml files that follow the PEP 621 standard for our supported Python package managers. Learn more about Dependabot’s supported ecosystems and package…

Dependabot now supports now supports the increase-if-necessary versioning strategy for the Python ecosystem. This allows you to reduce Dependabot version updates when your current dependency requirement is already satisfied by…

GitHub now stores detected secrets using symmetric encryption. Storing the encrypted secret allows secret scanning to provide the best possible user experience. Previously, we only stored the locations of the…

The enterprise audit log now records changes to GitHub Advanced Security, secret scanning, and push protection enablement. See business_secret_scanning See business_secret_scanning_push_protection See business_secret_scanning_push_protection_custom_message The organization-level audit log now also records…

We’re always trying to improve the GitHub developer experience in meaningful ways, and we love learning from our customers. In the last several months we released several new fork capabilities, and we’re publishing revised fork documentation that gives more details with clearer explanations to make fork concepts easier to understand.

OpenID Connect (OIDC) support in GitHub Actions enables secure cloud deployments using short-lived tokens that are automatically rotated for each deployment. You can now use the enhanced OIDC support to…

You can now retrieve all your Dependabot alerts at the GitHub organization level via the REST API. This new API endpoint supplements the recently introduced Dependabot alerts REST API and…

Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens.

GitHub will regularly run a historical scan to detect newly added secret types on repositories with GitHub Advanced Security and secret scanning enabled. Previously, customers could manually trigger a historical…

GitHub is sponsoring Open Source Initiative’s Deep Dive: AI because we think it’s important for the community to unpack how open source software, process, and principles can help best deliver on the promise of AI.

Explore 80+ content sessions delivered by over 120 different speakers, across two days and four content tracks, all designed to level up your skills.

Developers can now view GitHub code scanning findings directly in VS Code and GitHub Codespaces. The new Microsoft SARIF Viewer extension gives developers direct access to their code scanning results, making remediating vulnerabilities easier than ever.

If you are an owner of an enterprise with GitHub Advanced Security, you can now enable secret scanning and push protection across your entire enterprise with only 1 click. This…

Dart developers will now receive Dependabot alerts for known vulnerabilities on their pubspec dependencies. The dependency graph supports detecting pubspec.lock and pubspec.yaml files. Dependencies from these files will be displayed…

In September, we experienced one incident that resulted in degraded performance across GitHub services. We also experienced one incident resulting in significant impact to Codespaces. We are still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in August and an incident that impacted Actions in August.

GitHub Universe is back and more robust than ever, with two great ways to engage with everything this global developer event has to offer.