Code scanning: CodeQL Action v1 is now deprecated
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.
Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.
Support for GitHub CLI extensions has been expanded with new authorship tools and more ways to discover and install custom commands. Learn how to write powerful extensions in Go and find new commands to install.
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
What’s new? Starting today, Dependabot will pause automated pull request activity if you haven’t merged, closed, or otherwise interacted with Dependabot for over 90 days. To resume activity when you’re…
Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).
OpenID Connect (OIDC) support in GitHub Actions enables secure cloud deployments using short-lived tokens that are automatically rotated for each deployment. Each OIDC token includes standard claims like the audience,…
The GitHub Packages RubyGems registry now runs on a new architecture, unlocking great new capabilities: Publishing packages at organization level with GitHub Packages Previously, RubyGems packages published to GitHub Packages…
Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.
Today, we are adding support for configuration variables in GitHub Actions 🎉 Previously, you needed to store this configuration data as encrypted secrets in order to reuse values in workflows.…
Today, we are announcing public beta of required workflows in GitHub Actions 🎉 Required workflows allow DevOps teams to define and enforce standard CI/CD practices across many source code repositories…
Category Forms allow maintainers to create templates for their GitHub Discussions, which means that users can start new discussions with all the necessary information already included.
Default setup is a new way to automatically set up code scanning on your repository, without the use of a .yaml file.
GitHub Advanced Security customers can view an event in their organization or enterprise audit log when an admin enables or disables push protection for a custom pattern at the repository,…
New year, new features and improvements! 🎆 We’re making URLs in Projects more powerful with direct links to the project READMEs, project item side-panel, and adding items from repository pane.…
As of last month, GitHub Advanced Security customers can enable push protection for push protection for any custom pattern defined at the repository or organization level. Now, customers can also…
In December, we did not experience any incidents that resulted in degraded performance across GitHub services. This report sheds light into an incident that impacted customers using GitHub Packages and GitHub Pages in November.
Learn about the design behind, and solutions to, several of GitHub’s CTF challenge for Ekoparty’s 2022 event!
You can now view (GET) the security feature enablement status for all repositories in your organization using the “list organization repositories” endpoint in the REST API for the following security…
Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.