Git.io deprecation
2022-04-27 Update: While the git.io url redirection service is read-only and use of the service is limited, we have received feedback from developers and academic researchers who have published git.io…
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
Dependabot alerts now show if your repository code is calling known vulnerable functions from the dependency’s vulnerability. If your code is calling vulnerable code paths, this information is surfaced via…
GitHub now protects you by scanning public repos for leaked GitHub login credentials. If you accidentally expose your username and password in code or commit metadata, we will automatically reset…
GitHub Advanced Security customers can now dry run custom secret scanning patterns at the organization (and repository) level. Dry runs allow admins to understand a pattern’s impact across an organization…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom…
A new DependabotUpdate GraphQL object connects the relevant repository’s Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot generated pull request or error. query($repo_owner:String!, $repo_name:String!) { repository(owner: $repo_owner, name: $repo_name)…
The new dependency review action and API prevent the introduction of known supply chain vulnerabilities into your code.
A new GitHub Action enforces dependency reviews on PRs by scanning for dependencies and warning you about any associated security vulnerabilities. This is supported by a new API endpoint that…
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep their projects secure.
GitHub Advanced Security customers using secret scanning can now opt to receive a webhook each time a secret is detected in a new location. The secret_scanning_alert_location webhook event includes location…
Users of Dependabot version updates can now proactively update their dependencies for Flutter or Dart projects which use the pub package manager. To test version updates on your own Dart…
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.
The CodeQL runner has been deprecated in favor of the CodeQL CLI. As previously announced, starting March 14th, the CodeQL bundle now no longer includes the CodeQL runner. This deprecation…
Currently, forwarded ports within codespaces can be set to private in which case they can be accessed only by the owner of the codespace, be shared with members of the…