Search results for: Security

Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to…

The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go…

GitHub Enterprise Cloud self-service compliance reports have moved to the compliance tab. Enterprise owners may download and view current GitHub compliance reports from the Compliance tab of their enterprise account:…

We’ve seen some amazing community projects this last month. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech to weekend hobbies. There…

GitHub Enterprise Server 3.1 is available now as a release candidate. The latest version of GitHub Enterprise Server brings a host of features to help teams focus on the work…

GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…

Dependabot version updates no longer support Elm 0.18. This version of Elm was hosted on Bintray, which was shut down on May 1, 2021. Dependabot still supports Elm 0.19, so…

Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…

April 30, 2021 update: Thank you to everyone who’s weighed in on the discussion so far. I’ve commented in the pull request to clarify a few points based on initial…

To improve security and confidence in the authenticity of your contributions, you can flag commits and tags on GitHub.com that are attributed to you but not signed by you. With…

At GitHub, we believe in the extraordinary potential and power of a diverse, collaborative developer community to accelerate human progress. Just look at the first-ever powered flight on another planet…

Pull request and review-related events are now included in the audit log at both the enterprise and organization levels. This helps administrators better monitor pull request activity and ensure security…

Can agreement terms be a great user experience? This was the challenge GitHub’s legal department set for itself last year. We’re excited to announce all-new GitHub Customer Terms for our…

GitHub Actions now lets you control the permissions granted to the GITHUB_TOKEN secret. The GITHUB_TOKEN is an automatically generated secret that lets you make authenticated calls to the GitHub API…

In February 2020, to strengthen the security of our API, we deprecated API Authentication via Query Parameters and the OAuth Application API to avoid unintentional logging of in-transit access tokens.…

The GitHub app is built on Slack’s workspace apps which is now deprecated. The legacy GitHub app will stop working on July 15, 2021. We have built a new version…

We’re excited to share a deep dive into how our new authentication token formats are built and how these improvements are keeping your tokens more secure. As we continue to…

Secret scanning for private repositories is now generally available for all GitHub Advanced Security customers on GitHub Enterprise Cloud. Since announcing the beta last year, we’ve: Expanded our pattern coverage…

As we announced previously, the format of GitHub authentication tokens has changed. The following token types are affected: Personal Access Tokens OAuth Access Tokens GitHub App User-to-Server Tokens GitHub App…

Millions of repos use Dependabot to keep their dependencies up to date, either by updating when a Dependabot alert lets them know about a vulnerable dependency (security updates), or on…

Dependabot now supports bundler v2 for both security and version updates. Learn more about Dependabot version updates and security updates. To see what’s next for Dependabot, visit the public roadmap.