We’ve added support for Java 16 standard language features (such as records and pattern matching) to CodeQL. Code using those features can now benefit from CodeQL’s security analysis as part…
GitHub code scanning with CodeQL works seamlessly with GitHub Actions. For users of other CI/CD systems, we provided a way to run the code analysis using the CodeQL runner. The…
During an audit of Apache Dubbo v2.7.8 source code, I found multiple vulnerabilities enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers. In this blog post I detailed how I leveraged CodeQL as an audit oracle to help me find these issues.
GitHub Advanced Security customers can now edit their custom patterns defined at the repository, organization, and enterprise levels. After a user edits and saves a pattern, secret scanning searches for…
If you’re a GitHub Enterprise Cloud customer, you can now set up a stream of audit log and Git events to Splunk or an Azure Event Hub.
GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. Contributed Systems…
What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.
GitHub Advanced Security customers can now view all their private repo secret scanning alerts in the organization security tab. This view is currently only available to organization owners, but will…
The GitHub Enterprise Server 3.2 Release Candidate is available. This release includes more than 70 new features and changes to improve the developer experience and deliver new security capabilities for…
How GitHub uses code scanning to increase developer happiness, and how you can too.
The end of financial year is complete, tax time is over, and everyone is back to shipping awesome projects. During August, our community has been super busy shipping lots of…
Calling all students! Get the most out of your GitHub Education experience by joining the GitHub student community on our new digital campus.
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.
GitHub Advanced Security customers can now retrieve private repository secret scanning results at the organization level via the GitHub REST API. This new endpoint, in beta, supplements the existing repository-level…
GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. PlanetScale is…
Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher.
The open source Git project just released Git 2.33, with features and bug fixes from over 74 contributors. Here’s a look at some of the most interesting features and changes.
The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.
A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.
The Audit Log now includes events associated with GitHub Actions self-hosted runners. This data provides enterprise customers with an expanded data set for security and compliance audits. New events will…
As announced in April, Dependabot Preview is shutting down today, as it has been replaced by GitHub-native Dependabot. To keep getting pull requests that update your packages, upgrade to GitHub-native…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
