To further reduce the risk of a user using Actions to merge a change into a protected branch that was not reviewed by another person, the organization setting to disallow…
This is the second and final post in a series describing friendly forks and alternative strategies for managing them.
Now organization admins can pin a repository to their public or member-facing organization profiles directly from the repository page with the new pin repository dropdown. Public repositories will be pinned…
Organizations with GitHub Advanced Security can now prevent secrets leaked in code committed via the command line and the GitHub web editor with secret scanning’s push protection feature. For repositories…
This is the first post in a two-part series describing friendly forks and alternative strategies for managing them. Stay tuned for part two coming in May!
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
Codespaces now has improvements that will streamline your experience when working with multi-repository and monorepo projects. To enable teams to develop applications that span across multiple repositories (e.g. common in…
We’re releasing exciting improvements that will streamline your Codespaces experience when working with multi-repository projects and monorepos.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Teachers we have heard your feedback! The GitHub Classroom team is excited to announce the ability to easily reuse an Assignment across Classrooms and/or from semester-to-semester. You dont have to…
Repository administrators can now configure how often/when prebuild configurations for a given branch should be updated. Prebuilds enable developers to startup Codespaces in seconds – regardless of repository size or…
Enterprise owners can now prevent organization owners from inviting outside collaborators to repositories in their enterprise. The “Repository outside collaborators” policy includes an additional option, “Enterprise admins only”, which restricts…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom…
In March, we experienced several incidents resulting in significant impact to multiple GitHub services.
A new GitHub Action enforces dependency reviews on PRs by scanning for dependencies and warning you about any associated security vulnerabilities. This is supported by a new API endpoint that…
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
