15+ new code scanning integrations with open source security tools
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
The CodeQL package manager is now available in public beta on GitHub.com. CodeQL packages can contain CodeQL queries and CodeQL libraries — and of course you can express dependencies between…
In June, we announced that security alert notifications are opt-in on a per-repository basis, using the repository’s watch settings. Today, we have updated security alert digest emails to also respect…
We have shipped improvements to the code scanning alerts branch filter! These changes make it clearer which code scanning alerts are being displayed on the alerts page. By default, the…
When you move from 1 maintainer to 1+N maintainers of your project, things can get complicated. Minimum Viable Governance (MVG) is a simple, easy-to-implement governance framework for your free and open source projects.
GitHub’s supply chain security features are now available for Go modules, which will help the Go community discover, report, and prevent security vulnerabilities.
New severity levels for security alerts: We now show security-severity levels for CodeQL security alerts in code scanning. security-severity levels help you understand in more detail the risks posed by…
This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…
The markdown editor used when creating or editing a release in a GitHub repository now has a text-editing toolbar. Learn more about creating software releases on GitHub.
GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. GitHub has…
You can now programmatically check the status and resend repository, organization, and Apps webhooks through the REST API, to complement functionality currently provided in the Settings user interface. Using these…
We’ve shipped a couple of changes to our APIs: The code scanning API now returns the CodeQL query version used for an analysis. This can be used to reproduce results…
GitHub’s bug bounty program is now a mature component of how we improve product security. We’re excited to highlight some achievements (and interesting vulnerabilities)!
Issues submitted to open source projects often lack important information. Markdown issue templates can help by providing text that contributors can remove and replace with their own input – but…
We recently set about creating a framework and service for automatically generating social sharing images for repositories and other resources on GitHub.
Throughout the beta, we added features to improve the experience of using the Container registry. Today, we’re excited to announce that the Container registry is generally available as part of GitHub Packages!
Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…
The new Required Conversation resolution branch protection rule and Conversations menu are now generally available. Easily discover your pull request comments from the files changed tab and require that all…
In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.
Last month, we announced that security alert notifications were changing to an opt-in model. We have completed this change and users now receive notifications only for repositories they watch and…
If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked…