The GitHub Enterprise Server 3.5 Release Candidate is available. New GitHub Advanced Security features are an exciting headline for this release alongside enhancements for enterprise administrators with Git events added…
Dependabot will now update @types dependencies alongside their corresponding packages in TypeScript projects. Before this change, users would see separate pull requests for a package and its corresponding @types package.…
A variety of improvements to the npm 2FA experience are now in public beta, including: Support for registering multiple second factors, such as security keys, biometric devices, and authentication applications…
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
You can now output and group custom Markdown content on the Actions run summary page.
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom!
This is the second and final post in a series describing friendly forks and alternative strategies for managing them.
Organizations with GitHub Advanced Security can now prevent secrets leaked in code committed via the command line and the GitHub web editor with secret scanning’s push protection feature. For repositories…
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. The CodeQL Action v1 will be deprecated at the same time as GHES 3.3,…
2022-04-27 Update: While the git.io url redirection service is read-only and use of the service is limited, we have received feedback from developers and academic researchers who have published git.io…
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
Dependabot alerts now show if your repository code is calling known vulnerable functions from the dependency’s vulnerability. If your code is calling vulnerable code paths, this information is surfaced via…
GitHub now protects you by scanning public repos for leaked GitHub login credentials. If you accidentally expose your username and password in code or commit metadata, we will automatically reset…
GitHub Advanced Security customers can now dry run custom secret scanning patterns at the organization (and repository) level. Dry runs allow admins to understand a pattern’s impact across an organization…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
