Search results for: repository

Previously, when you forked a repository the fork name would default to the same name as the parent repository. In some cases, that wasn’t ideal because you wanted the fork…

GitHub Advanced Security customers can now dry run custom secret scanning patterns at the organization (and repository) level. Dry runs allow admins to understand a pattern’s impact across an organization…

Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…

Enterprise owners can now prevent organization owners from inviting outside collaborators to repositories in their enterprise. The “Repository outside collaborators” policy includes an additional option, “Enterprise admins only”, which restricts…

Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.

Our latest updates to the projects (beta) experience include the highly requested ability to bulk add issues and pull requests to a project as well as an explorable archive and…

Learn how to build packages with SLSA 3 provenance using GitHub Actions.

The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom…

A new DependabotUpdate GraphQL object connects the relevant repository’s Dependabot alert(s) – aka vulnerabilityAlerts – to the Dependabot generated pull request or error. query($repo_owner:String!, $repo_name:String!) { repository(owner: $repo_owner, name: $repo_name)…

The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.

We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.

GitHub Advanced Security customers using secret scanning can now opt to receive a webhook each time a secret is detected in a new location. The secret_scanning_alert_location webhook event includes location…

From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.

The CodeQL runner has been deprecated in favor of the CodeQL CLI. As previously announced, starting March 14th, the CodeQL bundle now no longer includes the CodeQL runner. This deprecation…

Organization members and teams can now be granted a moderator role. Organization moderators are able to: Block and unblock users from the organization Manage organization interaction limits Manage repository interaction…

Organizations with GitHub Advanced Security can now prevent secret leaks with secret scanning’s new push protection feature. For repositories with push protection enabled, GitHub will block any pushes where a…

Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature.

The code scanning alert page now shows the analysis origin for an alert. Code scanning alerts can originate from different analysis configurations on a repository. These may be using different…

We believe our technical interviews should be as similar as possible to the way we work at GitHub.

Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user…

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…