
Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. The CodeQL Action v1 will be deprecated at the same time as GHES 3.3,…
2022-04-27 Update: While the git.io url redirection service is read-only and use of the service is limited, we have received feedback from developers and academic researchers who have published git.io…
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
Dependabot alerts now show if your repository code is calling known vulnerable functions from the dependency’s vulnerability. If your code is calling vulnerable code paths, this information is surfaced via…
GitHub now protects you by scanning public repos for leaked GitHub login credentials. If you accidentally expose your username and password in code or commit metadata, we will automatically reset…
GitHub Advanced Security customers can now dry run custom secret scanning patterns at the organization (and repository) level. Dry runs allow admins to understand a pattern’s impact across an organization…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom…
A new DependabotUpdate GraphQL object connects the relevant repository’s Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot generated pull request or error. query($repo_owner:String!, $repo_name:String!) { repository(owner: $repo_owner, name: $repo_name)…
The new dependency review action and API prevent the introduction of known supply chain vulnerabilities into your code.
A new GitHub Action enforces dependency reviews on PRs by scanning for dependencies and warning you about any associated security vulnerabilities. This is supported by a new API endpoint that…
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep their projects secure.
GitHub Advanced Security customers using secret scanning can now opt to receive a webhook each time a secret is detected in a new location. The secret_scanning_alert_location webhook event includes location…
Users of Dependabot version updates can now proactively update their dependencies for Flutter or Dart projects which use the pub package manager. To test version updates on your own Dart…
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.