Code scanning shows the health of tools enabled on a repository
The new code scanning tool status page allows users to view the status of CodeQL and other code scanning tools. The page shows all the tools that are enabled on…
Code scanning has shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…
Today we have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL. CodeQL is the static code analysis…
Multi-repository variant analysis lets you scale security research across thousands of repositories, giving you a powerful tool to find and respond to newly discovered vulnerabilities.
The Custom Repository Roles REST API has moved to general availability, with a breaking change to the path used. Previously, the API was found at /orgs/{org}/custom_roles – it has been…
Organizations on github.com with an enterprise plan can now create 5 custom repository roles, an increase from the previous limit of 3. This increase will also appear in GitHub Enterprise…
Code scanning can now be easily set up with a few button clicks, and without committing a workflow file to the repository. Code scanning’s new default setup feature automatically finds and…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
You can now unarchive a repository via the REST API. Previously, unarchiving was only available via the GraphQL API or the UI. Learn more about updating repositories via the REST…
In a small but frequently requested improvement, GitHub now shows the date that an archived repository was put into read-only mode to indicate it is no longer actively maintained. Previously,…
Open source maintainers can now opt in to private vulnerability reporting, a dedicated communications channel where the community can disclose security issues directly to you on GitHub. You can see reports…
A Security.md file in the root of a repository will now be highlighted on the repository overview in the sidebar. For more information, see “Adding a security policy to your…
Removing the security vulnerability banner: The yellow banner stating “We found potential security vulnerabilities in your dependencies” is being removed. Please use the “Security” alert count in your repository navigation…
Customers will now be able to use the GITHUB_TOKEN with workflow_dispatch and repository_dispatch events to trigger workflows. Prior to this change, events triggered by GITHUB_TOKEN would not create a new…
Custom repository roles enable Enterprise organization administrators to define and assign least-privilege roles for their repositories, beyond the standard Read, Triage, Write, Maintain, and Admin roles. Now, REST API endpoints…
The repository that houses the images installed on GitHub-hosted runners has been renamed from actions/virtual-environments to actions/runner-images. These images are maintained by GitHub and used by GitHub Actions. If you…
In April 2022, we released improvements to help streamline your Codespaces experience when working with multi-repository and monorepo projects. Today we’re announcing support for prebuilding these project types as well…
A dropdown has been added to the Fork button to help you quickly find your forks of a repository. This includes forks in your personal account and in organizations that…
Custom repository roles are now GA for GitHub.com and Enterprise Server 3.5. Organization admins can create custom repository roles available to all repositories in their organization. Roles can be configured…
Dependabot version updates help you keep your dependencies up-to-date by opening pull requests automatically when new versions are available. With this release, you can now more easily enable and configure…
Codespaces now has improvements that will streamline your experience when working with multi-repository and monorepo projects. To enable teams to develop applications that span across multiple repositories (e.g. common in…