Search results for: organization

Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can…

Limit use of external actions within Actions workflow for enterprises, organizations, and repositories.

Last week, we launched code scanning for all open source and enterprise developers, and we promised we’d share more on our extensibility capabilities and the GitHub security ecosystem. Today, we’re…

Temporary interaction limits give you control over who interacts with your public repositories. You can use them to force a cool-down period during heated discussions, or to prevent spam or…

The default branch name for new repositories is now main. To set a different default: For users, on the https://github.com/settings/repositories page For organization owners, on the https://github.com/organizations/YOUR-ORGANIZATION/settings/repository-defaults page For enterprise…

You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions. You can limit external actions to…

Earlier this month we were thrilled to welcome the OpenJDK Community to GitHub. The communities migration effort, codenamed Project ‘Skara’, brought JDK 16 main-line development into GitHub. The JDK project is at the…

You can now run CodeQL analysis in any CI/CD setup and upload the results to GitHub code scanning. Previously, the code scanning beta required users to run their CodeQL analysis…

In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for security of the application.

GitHub Enterprise Server 2.22 is now here with GitHub Actions, Packages and Advanced Security Code Scanning available for the very first time.

Announcing the public beta of our new integration between GitHub and Microsoft Teams.

Repositories that use GitHub Pages can now build and deploy from any branch. Publishing to the special gh-pages branch will still work the same as it always has, but you…

At GitHub, we spend a lot of time thinking about and building secure products—and one key facet of that is threat modeling. This practice involves bringing security and engineering teams…

The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.

GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous access for public container images

Account and billing admins can now provide a list of email addresses to receive billing notifications, including threshold notifications for Actions and Packages. The email addresses may belong to users…

Until now, organization admins couldn’t view Actions and Packages billing history if the organization was part of an enterprise account. Now, organization admins can view that information so they can…

You can now set the default branch name for newly-created repositories under your username. This setting does not impact any of your existing repositories. Existing repositories will continue to have…

Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…

GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.

GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…