Search results for: Security

We changed the GitHub Actions self-hosted runner group default access to disable “Allow public repositories.” This change impacts runner groups created before Sep 4, 2020 and changes those runner groups…

It’s time for Major League Hacking’s (MLH) annual Local Hack Day: Learn, a worldwide celebration of learning. Do you have a framework that you have wanted to try? Or perhaps…

The ninth annual js13kGames competition wrapped up last weekend with over 220 games submitted. All created in a month and in less than 13kB of JavaScript. For anyone not in…

Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can…

Limit use of external actions within Actions workflow for enterprises, organizations, and repositories.

npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows. Previously, you could create an access token with one of two…

A moderate security vulnerability has been identified in the GitHub Actions runner that can allow environment variable and path injection in workflows that log untrusted data to STDOUT. This can…

You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions. You can limit external actions to…

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Today we’re excited to announce that code scanning is generally available on GitHub.com.…

Earlier this month we were thrilled to welcome the OpenJDK Community to GitHub. The communities migration effort, codenamed Project ‘Skara’, brought JDK 16 main-line development into GitHub. The JDK project is at the…

Now available, code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production.

You can now run CodeQL analysis in any CI/CD setup and upload the results to GitHub code scanning. Previously, the code scanning beta required users to run their CodeQL analysis…

We recently shipped support for the origin-bound draft standard for security codes delivered via SMS. This standard ensures security codes are entered in a phishing-resistant manner. It accomplishes this by binding an SMS with…

Remote Education explores the challenges of organizing student communities and events online. We’ll be speaking with event organizers and community leaders in the industry and academics each week to help…

In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for security of the application.

GitHub Enterprise Server 2.22 is now here with GitHub Actions, Packages and Advanced Security Code Scanning available for the very first time.

A free two-day single track conference live on September 24 – 25, 2020 in celebration of our culture and LatinX heritage month. You will join a live stream of interactive talks by industry experts in both Spanish, Portuguese and English, with live captioning and translation. Topics will include software development, security, technical project management, civic tech, open source, professional development and best practices.

Lee este artículo en español Estamos muy entusiasmados en anunciar nuestro siguiente evento virtual en América Latina: GitHub ¡Presente! en Español El primer evento será el Martes 22 de Septiembre…

In May, we announced the beta release of GitHub Codespaces, a cloud development environment that lets you code from anywhere. Thousands of users are using Codespaces to improve collaboration, onboard faster,…

Secret leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub Secret Scanning looks for leaked secrets in all public repositories, and enrolled private…

If you are enrolled in the GitHub Advanced Security code scanning beta, we are releasing new APIs for you to start using. This release also includes some breaking changes to…