Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization.
Dependabot alerts now show all affected files if your repository code is calling known vulnerable functions from the dependency’s vulnerability. Previously, we only highlighted one of these matches on an…
Our newly available ISO/IEC 27001:2013 Certification report can be downloaded now. For enterprises, administrators may download this report by navigating to the Compliance tab of the enterprise account: https://github.com/enterprises/"your-enterprise"/settings/compliance. For…
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.
GitHub Advanced Security customers can now see an overview of Dependabot alerts at the enterprise level. This page provides a repo-centric view of application security risks, as well as an…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
GitHub Advanced Security customers can now dry run custom secret scanning patterns at the enterprise level (in addition to the organization and repository levels previously available). Dry runs allow admins…
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors…
The GitHub Enterprise Server 3.5 Release Candidate is available. New GitHub Advanced Security features are an exciting headline for this release alongside enhancements for enterprise administrators with Git events added…
Dependabot will now update @types dependencies alongside their corresponding packages in TypeScript projects. Before this change, users would see separate pull requests for a package and its corresponding @types package.…
A variety of improvements to the npm 2FA experience are now in public beta, including: Support for registering multiple second factors, such as security keys, biometric devices, and authentication applications…
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
You can now output and group custom Markdown content on the Actions run summary page.
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom!
This is the second and final post in a series describing friendly forks and alternative strategies for managing them.
Organizations with GitHub Advanced Security can now prevent secrets leaked in code committed via the command line and the GitHub web editor with secret scanning’s push protection feature. For repositories…
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. The CodeQL Action v1 will be deprecated at the same time as GHES 3.3,…
2022-04-27 Update: While the git.io url redirection service is read-only and use of the service is limited, we have received feedback from developers and academic researchers who have published git.io…
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.