Pull request merge queue (public beta): API support and recent fixes
As we work towards general availability of pull request merge queue, we want to thank everyone that has provided feedback ❤ (keep it coming!) and let you know about some…
As we work towards general availability of pull request merge queue, we want to thank everyone that has provided feedback ❤ (keep it coming!) and let you know about some…
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities.
How to verifiably link npm packages to their source repository and build instructions.
You can now use the REST API to open a private vulnerability report on open-source repositories that have this feature enabled. Learn more about the repository security advisories REST API
Available in public beta today, the security coverage page now includes multi-repository enablement, which lets you enable or disable security features across several repositories at once. This feature improves upon…
Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know.
When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this…
You can now fetch release notes, changelogs and commit history for Docker update pull requests with Dependabot. This will allow you to quickly evaluate the stability risk of the dependency…
How GitHub Enterprise ensures secure and compliant developer workflows for highly regulated industries.
GitHub Advanced Security customers using secret scanning can now view any secrets exposed historically in an issue’s title, description, or comments within the UI or the REST API. This expanded…
Following our recent release of generating a software bill of materials from the repository’s dependency graph, you can now generate an SBOM for a repository using a new REST API…
Code scanning default setup is now available for Go! Default setup automatically finds and sets up the best CodeQL configuration for your repository. It detects the languages in the repository…
Explore how creating a great developer experience can help provide a more inclusive financial services environment.
Caching dependencies and other commonly reused files enables developers to speed up their GitHub Actions workflows and make them more efficient. We have now enabled Cache Management from the web…
Today’s Changelog brings you bulk editing in the table layout and improvements to tasklists! 🦖 Bulk editing in tables You can now update multiple cells in a column at once!…
Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside policies, for a well-governed experience with GitHub Actions.
GitHub Sponsors is now generally available for organizations. Also, new tooling for bulk sponsorships and an update on how we’re ensuring sustainability for GitHub Sponsors.
GitHub Advanced Security users can now view alert metrics for custom patterns at the repository, organization, and enterprise levels directly from the custom pattern’s page. Custom patterns with push protection…
Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
We now show bypassed branch protection rules in response to Git pushes. These are information messages and are not designed to block workflows. Historically there was no indication after a…
A software bill of materials (SBOM) is a standardized inventory of a software project’s dependencies and associated metadata (versions, licenses, etc). You can now export your repository’s dependency graph as…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.