Search results for: secret scanning partner

GitHub Secret Scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. This protects users from fraud and data leaks. GitHub has…

If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked…

GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…

Secret scanning for private repositories is now generally available for all GitHub Advanced Security customers on GitHub Enterprise Cloud. Since announcing the beta last year, we’ve: Expanded our pattern coverage…

GitHub Advanced Security helps you create secure applications with a community-driven, developer-first approach. Today, we are excited to announce two updates: Beta of the new security overview for organizations and…

GitHub and the Python Package Index (PyPI) are collaborating to help protect you from leaked PyPI API tokens. From today, GitHub will scan every commit to a public repository for…

Last week, we launched code scanning for all open source and enterprise developers, and we promised we’d share more on our extensibility capabilities and the GitHub security ecosystem. Today, we’re…

GitHub has scanned public repositories for secrets (like API keys and tokens) for several years. Secret scanning protects our partners and our customers from unauthorized use of the services protected by those…

Learn about how GitHub Advanced Security’s new AI-powered features can help you secure your code more efficiently than ever.

Announcing the general availability of push protection–a feature that proactively prevents secret leaks in your public and private repositories.

GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.

With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.

Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.

We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.

A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.

Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.

What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.

The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.

GitHub uses GitHub to build GitHub, and our CLI extensions are no exception. Read on to find out how we built the GitHub Skyline CLI extension using GitHub!

Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.

Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.