GitHub Advanced Security customers can now view all their private repo secret scanning alerts in the organization security tab. This view is currently only available to organization owners, but will…
The GitHub Enterprise Server 3.2 Release Candidate is available. This release includes more than 70 new features and changes to improve the developer experience and deliver new security capabilities for…
How GitHub uses code scanning to increase developer happiness, and how you can too.
The end of financial year is complete, tax time is over, and everyone is back to shipping awesome projects. During August, our community has been super busy shipping lots of…
Calling all students! Get the most out of your GitHub Education experience by joining the GitHub student community on our new digital campus.
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.
GitHub Advanced Security customers can now retrieve private repository secret scanning results at the organization level via the GitHub REST API. This new endpoint, in beta, supplements the existing repository-level…
GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. PlanetScale is…
Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher.
The open source Git project just released Git 2.33, with features and bug fixes from over 74 contributors. Here’s a look at some of the most interesting features and changes.
The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.
A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.
The Audit Log now includes events associated with GitHub Actions self-hosted runners. This data provides enterprise customers with an expanded data set for security and compliance audits. New events will…
As announced in April, Dependabot Preview is shutting down today, as it has been replaced by GitHub-native Dependabot. To keep getting pull requests that update your packages, upgrade to GitHub-native…
The CodeQL package manager is now available in public beta on GitHub.com. CodeQL packages can contain CodeQL queries and CodeQL libraries — and of course you can express dependencies between…
This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…
GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. GitHub has…
We’ve improved the depth of CodeQL’s analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++,…
Code scanning with CodeQL now generates diagnostic information for all supported languages. Before analyzing your code, CodeQL first creates a CodeQL database containing all of the important information about your…
The latest release of the CodeQL CLI supports creating CodeQL databases for multiple languages in a single command. This makes it easier for customers using CI/CD systems other than GitHub…
Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
