Search results for: Security

Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…

In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.

polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.

Dependabot version updates now supports Terraform <= 1.0. We have also added support for lockfiles, providers, and private registries. Thank you to @jmahowald and @userhas404d whose contributions were critical in…

Dependabot security and version updates now support pip version 21.1.2, pip-tools version 6.1.0, and pipenv version 2021-05-29. This release also removes support for Python 2, which was officially sunset on…

If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked…

GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…

GitHub Advanced Security customers can now specify custom patterns for use in private repo secret scanning. When a new pattern is specified, secret scanning searches a repository’s entire git history…

One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and…

GitHub Enterprise Server 3.1 is now generally available for all customers. It helps customers work with large, busy repositories, while enabling developers to develop and deploy with less effort than…

You can now configure which code scanning alert severity levels cause a pull request check to fail. This lets you prevent pull requests that generate alerts with chosen severity levels…

Free text search is now available for code scanning alerts. You can search code scanning results to quickly find specific alerts without having to know exact search terms. The search…

Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to…

The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go…

GitHub Enterprise Cloud self-service compliance reports have moved to the compliance tab. Enterprise owners may download and view current GitHub compliance reports from the Compliance tab of their enterprise account:…

We’ve seen some amazing community projects this last month. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech to weekend hobbies. There…

GitHub Enterprise Server 3.1 is available now as a release candidate. The latest version of GitHub Enterprise Server brings a host of features to help teams focus on the work…

GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…

Dependabot version updates no longer support Elm 0.18. This version of Elm was hosted on Bintray, which was shut down on May 1, 2021. Dependabot still supports Elm 0.19, so…

Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…

April 30, 2021 update: Thank you to everyone who’s weighed in on the discussion so far. I’ve commented in the pull request to clarify a few points based on initial…