RubyGems, Adobe and OpenAI are now GitHub secret scanning integrators
If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked…
GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…
GitHub Advanced Security customers can now specify custom patterns for use in private repo secret scanning. When a new pattern is specified, secret scanning searches a repository’s entire git history…
One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and…
GitHub Enterprise Server 3.1 is now generally available for all customers. It helps customers work with large, busy repositories, while enabling developers to develop and deploy with less effort than…
You can now configure which code scanning alert severity levels cause a pull request check to fail. This lets you prevent pull requests that generate alerts with chosen severity levels…
Free text search is now available for code scanning alerts. You can search code scanning results to quickly find specific alerts without having to know exact search terms. The search…
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to…
The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go…
GitHub Enterprise Cloud self-service compliance reports have moved to the compliance tab. Enterprise owners may download and view current GitHub compliance reports from the Compliance tab of their enterprise account:…
We’ve seen some amazing community projects this last month. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech to weekend hobbies. There…
GitHub Enterprise Server 3.1 is available now as a release candidate. The latest version of GitHub Enterprise Server brings a host of features to help teams focus on the work…
GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…
Dependabot version updates no longer support Elm 0.18. This version of Elm was hosted on Bintray, which was shut down on May 1, 2021. Dependabot still supports Elm 0.19, so…
Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…
April 30, 2021 update: Thank you to everyone who’s weighed in on the discussion so far. I’ve commented in the pull request to clarify a few points based on initial…
To improve security and confidence in the authenticity of your contributions, you can flag commits and tags on GitHub.com that are attributed to you but not signed by you. With…
At GitHub, we believe in the extraordinary potential and power of a diverse, collaborative developer community to accelerate human progress. Just look at the first-ever powered flight on another planet…
Pull request and review-related events are now included in the audit log at both the enterprise and organization levels. This helps administrators better monitor pull request activity and ensure security…
Can agreement terms be a great user experience? This was the challenge GitHub’s legal department set for itself last year. We’re excited to announce all-new GitHub Customer Terms for our…
GitHub Actions now lets you control the permissions granted to the GITHUB_TOKEN secret. The GITHUB_TOKEN is an automatically generated secret that lets you make authenticated calls to the GitHub API…