Organizations with GitHub Advanced Security can now prevent secret leaks with secret scanning’s new push protection feature. For repositories with push protection enabled, GitHub will block any pushes where a…
The code scanning alert page now shows the analysis origin for an alert. Code scanning alerts can originate from different analysis configurations on a repository. These may be using different…
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
You can now enforce consistent usage of self-hosted runner groups across your organization and enterprise.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets we help protect users from data leaks and fraud associated with…
Our community has shipped lots of open source project updates in the last month. Here’s a few of our staff picks.
The code scanning alert page now always shows the alert status and information for the default branch. There is a new ‘Affected branches’ panel in the sidebar to see the…
We are excited to announce that the newest version of GitHub Enterprise Server is now available. This update includes enhancements to make developing software even easier for everyone with a…
GitHub changed which keys are supported in SSH and removed the unencrypted Git protocol. You can read more about the motivation behind these changes in our blog post from last…
We’ve introduced several new features to help enterprise owners more easily manage their accounts, including two features now in public beta.
You can now reopen dismissed Dependabot alerts through the UI page for a closed alert. This update will not affect Dependabot pull requests or the GraphQL API. For more information,…
In February, we experienced one incident resulting in significant impact to multiple GitHub services.
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
GitHub code scanning supports a wide variety of code analysis engines through GitHub Actions workflows — including our own CodeQL engine. Users can now discover and configure Actions workflow templates…
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
The GitHub Enterprise Server 3.4 Release Candidate is available. This release brings over 60 new features including reusable workflows for GitHub Actions, Ruby support for GitHub Advanced Security Code Scanning,…
GitHub Advanced Security customers can now enable secret scanning for their archived repositories via the UI and API. For more information: About secret scanning About archived repositories
Practical tips on how to apply OWASP Top 10 Proactive Control C4.
GitHub Enterprise Server 3.4 is now generally available for all customers. This release makes software development faster and more secure with new features like reusable workflows, Dependabot security updates, and GitHub Advanced Security enhancements.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
