Search results for: Security

GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. PlanetScale is…

Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher.

The open source Git project just released Git 2.33, with features and bug fixes from over 74 contributors. Here’s a look at some of the most interesting features and changes.

The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.

A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.

The Audit Log now includes events associated with GitHub Actions self-hosted runners. This data provides enterprise customers with an expanded data set for security and compliance audits. New events will…

As announced in April, Dependabot Preview is shutting down today, as it has been replaced by GitHub-native Dependabot. To keep getting pull requests that update your packages, upgrade to GitHub-native…

The CodeQL package manager is now available in public beta on GitHub.com. CodeQL packages can contain CodeQL queries and CodeQL libraries — and of course you can express dependencies between…

This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…

GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. GitHub has…

We’ve improved the depth of CodeQL’s analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++,…

Code scanning with CodeQL now generates diagnostic information for all supported languages. Before analyzing your code, CodeQL first creates a CodeQL database containing all of the important information about your…

The latest release of the CodeQL CLI supports creating CodeQL databases for multiple languages in a single command. This makes it easier for customers using CI/CD systems other than GitHub…

Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…

In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.

polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.

Dependabot version updates now supports Terraform <= 1.0. We have also added support for lockfiles, providers, and private registries. Thank you to @jmahowald and @userhas404d whose contributions were critical in…

Dependabot security and version updates now support pip version 21.1.2, pip-tools version 6.1.0, and pipenv version 2021-05-29. This release also removes support for Python 2, which was officially sunset on…

If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked…

GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…

GitHub Advanced Security customers can now specify custom patterns for use in private repo secret scanning. When a new pattern is specified, secret scanning searches a repository’s entire git history…