Getting root on Ubuntu through wishful thinking
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
We have released improvements to the code scanning API: We’ve added the fixed_at timestamp to alerts. This is the first time that the alert was not detected in an analysis.…
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.
Code navigation is now available in PRs, and code navigation results for Python are now more precise.
Today, we are rolling out a technology preview for GitHub code search, the next iteration for search, discovery, and navigation on GitHub.
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
The end of the year is getting closer, and our communities are busy working away on their projects. While you’ve all been busy maintaining open source projects and shipping releases,…
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans may prevent data leaks and any fraud associated with…
Dotfiles are a common way to specify custom, user-specific behavior for applications (like Vim or Emacs) and shells on your codespaces. If enabled, dotfiles stored in a user’s public dotfiles…
You can multiply the impact of your domain experts by building their common workflows into ChatOps.
GitHub Advanced Security customers can now use the GitHub REST API to retrieve commit details of secrets detected in private repository scans. Now available on cloud, the new endpoint will…
You can now control which GitHub App a required status check is provided by. If status is then provided by a different app or by a user via a commit…
It is now possible to list, add, and remove runner labels for Actions self-hosted runners via API. For more info on using the new APIs at a repository, organization, or…
You can now run workflows for Python projects faster on GitHub Actions by enabling dependency caching on the setup-python action. setup-python supports caching for both pip and pipenv projects. The…
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
The latest release of the CodeQL CLI supports including markdown-rendered query help in SARIF files so that the help text can be viewed in the code scanning UI. This functionality…
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
Administrators can now allow specific users and teams to bypass pull request requirements. For context, this image shows how administrators can use branch protections to require pull requests for all…