
GitHub Actions: Fine-tune access to external actions
You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions. You can limit external actions to…
You can now fine-tune access to external actions. These updated settings make it easier to achieve your security and compliance goals with GitHub Actions. You can limit external actions to…
Earlier this month we were thrilled to welcome the OpenJDK Community to GitHub. The communities migration effort, codenamed Project ‘Skara’, brought JDK 16 main-line development into GitHub. The JDK project is at the…
You can now run CodeQL analysis in any CI/CD setup and upload the results to GitHub code scanning. Previously, the code scanning beta required users to run their CodeQL analysis…
In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for security of the application.
GitHub Enterprise Server 2.22 is now here with GitHub Actions, Packages and Advanced Security Code Scanning available for the very first time.
Announcing the public beta of our new integration between GitHub and Microsoft Teams.
Repositories that use GitHub Pages can now build and deploy from any branch. Publishing to the special gh-pages branch will still work the same as it always has, but you…
At GitHub, we spend a lot of time thinking about and building secure products—and one key facet of that is threat modeling. This practice involves bringing security and engineering teams…
The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.
GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous access for public container images
Account and billing admins can now provide a list of email addresses to receive billing notifications, including threshold notifications for Actions and Packages. The email addresses may belong to users…
Until now, organization admins couldn’t view Actions and Packages billing history if the organization was part of an enterprise account. Now, organization admins can view that information so they can…
You can now set the default branch name for newly-created repositories under your username. This setting does not impact any of your existing repositories. Existing repositories will continue to have…
Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…
GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.
GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…
You can now share self-hosted runners across some or all of your GitHub organizations by associating them with an Enterprise Account. This simplifies sharing runners and makes it easy for…
Learn about patterns for configuring and maintaining GitHub Actions self-hosted runners on Google Cloud.
Today GitHub Actions shipped a series of features designed to improve your workflows when working with PRs from repository forks. New settings for private repository forks Many GitHub customers choose…
We are happy to announce that GitHub is joining the Open Source Security Foundation (OpenSSF) as a founding member, alongside Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, Red Hat, and others.
Repositories that use GitHub Pages can now build and deploy from any branch. Publishing to the special gh-pages branch will still work the same as it always has, but you…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.