Search results for: Security

How GitHub uses code scanning to increase developer happiness, and how you can too.

The end of financial year is complete, tax time is over, and everyone is back to shipping awesome projects. During August, our community has been super busy shipping lots of…

Calling all students! Get the most out of your GitHub Education experience by joining the GitHub student community on our new digital campus.

We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.

GitHub Advanced Security customers can now retrieve private repository secret scanning results at the organization level via the GitHub REST API. This new endpoint, in beta, supplements the existing repository-level…

GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. PlanetScale is…

Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher.

The open source Git project just released Git 2.33, with features and bug fixes from over 74 contributors. Here’s a look at some of the most interesting features and changes.

The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.

A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.

The Audit Log now includes events associated with GitHub Actions self-hosted runners. This data provides enterprise customers with an expanded data set for security and compliance audits. New events will…

As announced in April, Dependabot Preview is shutting down today, as it has been replaced by GitHub-native Dependabot. To keep getting pull requests that update your packages, upgrade to GitHub-native…

The CodeQL package manager is now available in public beta on GitHub.com. CodeQL packages can contain CodeQL queries and CodeQL libraries — and of course you can express dependencies between…

This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…

GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. GitHub has…

We’ve improved the depth of CodeQL’s analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++,…

Code scanning with CodeQL now generates diagnostic information for all supported languages. Before analyzing your code, CodeQL first creates a CodeQL database containing all of the important information about your…

The latest release of the CodeQL CLI supports creating CodeQL databases for multiple languages in a single command. This makes it easier for customers using CI/CD systems other than GitHub…

Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…

In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.

polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.