Search results for: repository

Code scanning runs analysis tools that scan your code on the triggers defined in your .yml Actions workflow file. The default CodeQL workflow analyzes your code each time you push…

In 2019, to meet GitHub’s growth and availability challenges, we set a plan in motion to improve our tooling and ability to partition relational databases.

During an audit of Apache Dubbo v2.7.8 source code, I found multiple vulnerabilities enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers. In this blog post I detailed how I leveraged CodeQL as an audit oracle to help me find these issues.

You can now copy the full, raw contents of a file in your repository to the clipboard with just one click. Previously, you would need to open the raw file,…

GitHub Actions now has an updated management experience for your self-hosted runners that makes it easier to manage runner groups and see the status of your runners. New Runners and…

GitHub Advanced Security customers can now edit their custom patterns defined at the repository, organization, and enterprise levels. After a user edits and saves a pattern, secret scanning searches for…

GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. Contributed Systems…

Organizations can now display a README.md on their profile Overview. Start with creating a .github repository for the desired organization. Make sure it’s public. Add a profile folder to your…

GitHub releases now have an avatar list at the bottom of the release showing the avatars of all GitHub accounts mentioned in the release notes. This is a great way…

What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.

The new GraphQL mutation createCommitOnBranch makes it easier to add, update, and delete files in a branch of a repository. This new API offers a simpler way to commit changes…

GitHub Enterprise Server 3.2 is available today as a release candidate.

You can now use setup-node action to cache dependencies for projects with monorepo and pnpm package manager. Use the optional cache-dependency-path field to specify the path to dependency file(s). steps:…

How GitHub uses code scanning to increase developer happiness, and how you can too.

Forked repositories can now be synced with their upstream using the merge upstream API. For more info, see the documentation here. You can also sync forks through the web UI,…

Organization and repository admins can now trigger webhooks to listen for changes to branch protection rules on their repositories. For more info, see the documentation here.

You can now filter workflow runs by the date of creation by using the created filter. For example: created:<2021-08-31. This is also available in the API

We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.

The GitHub Social Impact and Policy teams are issuing a Request for Proposal (RFP) for a researcher to define a list of publicly available GitHub platform usage metrics by country for international development, public policy and economics disciplines.

You can now run Java projects faster on GitHub Actions by enabling dependency caching on the setup-java action. setup-java supports caching for both Gradle and Maven projects. The following example…

The tag selection component on the GitHub Release Creation UI has been updated to now be a dropdown selector rather than a text field. This new component is less error…