Remediation made simple: Introducing new validity checks for GitHub tokens
GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.
GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.
Custom agents let GitHub Copilot CLI understand your stack and team workflows, turning one-off terminal prompts into repeatable, reviewable processes.
Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.
See how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains.
Learn how The GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.
Delegate it a task, and coding agent can independently write, run, and test code. Here’s how you can make the most of it.
Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture through direct funding, expert guidance, and actionable playbooks.
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.
GitHub uses GitHub to build GitHub, and our CLI extensions are no exception. Read on to find out how we built the GitHub Skyline CLI extension using GitHub!
Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Find out how we’re evolving GitHub and GitHub Copilot—and get access to the latest previews and GA releases.
In this year’s Octoverse report, we study how public and open source activity on GitHub shows how AI is expanding as the global developer community surges in size.
Five actionable tips and strategies to supercharge developer happiness—and a more innovative workplace.
Today, we’re releasing security tool-specific filters for the security overview dashboard and secret scanning metrics page. Have you ever wondered, “How well is my organization handling SQL injections?” or “How…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world’s code.