Code scanning can be set up not to fail a pull request check
Code scanning can now be set up to never cause a pull request check failure. By default, any code scanning alerts with a security-severity of critical or high will cause…
A look at what went into building the world’s largest public code search index.
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…
What if developers want to leverage branch deployments but don’t have a full ChatOps stack integrated with their repositories? We set out to find a way for all developers to take advantage of branch deployments with ease, right from their GitHub repository, and so the branch-deploy Action was born!
Previously, GitHub Actions got a GITHUB_TOKEN with both read/write permissions by default whenever Actions was enabled on a repository. As a default, this is too permissive, so to improve security…
The DEI Resource Hub is a vetted collection of resources, tools, and best practices designed to help open source maintainers create and maintain inclusive and diverse open source communities.
We’re taking a look at how open source software has evolved on GitHub, and how the role of a maintainer and contributor has changed alongside the massive growth in open source software.
GitHub Desktop 3.1.5 improves support for force pushing and fetching through the newly added Repository menu items as well as supporting pull request notifications on forks. This release also comes…
Organization admins and security managers can now enable private vulnerability reporting for all public repositories within an organization at once. With this enhancement, you no longer have to enable the…
Starting today, when linking to a Dependabot alert in an issue or pull request, anyone with permissions to view the alert will see a rich Dependabot alert mention, with…
We’re more excited than ever about what the future holds and the role open source will continue to play in solving critical societal challenges.
On January 8, 2024, GitHub will remove support for Subversion.
GitHub, the Rust Foundation, and the Rust Project are collaborating to help protect you from leaked crates.io keys. From today, GitHub will scan every commit to a public repository for…
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
We’re back again with the ability to make a copy of your project and a new automation for Enterprise accounts. 🖨️ Get started faster by copying your project’s views, custom…
When teams work cross-functionally, good things happen. See how our teams use GitHub Projects to coordinate and ship new products and features.
Organizations and enterprises using branch protections may see false-alert flags in their security log for protected_branch.policy_override and protected_branch.rejected_ref_update events between January 6 and January 11, 2023. These events were improperly…
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.