The GitHub Enterprise Server 3.8 release candidate is here GitHub Enterprise Server 3.8 brings new capabilities to help companies build and deliver secure software, more quickly. With over 100 new…
Explore how the GitHub Docs team uses GitHub Projects for content coordination, reviews, and publishing.
Update to the latest version of Desktop and previous version of Atom before February 2.
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
Laying the groundwork for developer-enabled compliance.
In the spirit of continuing to improve our invitation experience, we are bringing a few more enhancements to the UI and APIs to better support invitation management experiences. From today…
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…
Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.
Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.
Support for GitHub CLI extensions has been expanded with new authorship tools and more ways to discover and install custom commands. Learn how to write powerful extensions in Go and find new commands to install.
Today’s Changelog brings you the addition of project events to Issue and Pull Request timelines, Issue forms for private repositories, and more! 👀 Project events in item timelines (Public Beta)…
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
What’s new? Starting today, Dependabot will pause automated pull request activity if you haven’t merged, closed, or otherwise interacted with Dependabot for over 90 days. To resume activity when you’re…
Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).
The GitHub Packages RubyGems registry now runs on a new architecture, unlocking great new capabilities: Publishing packages at organization level with GitHub Packages Previously, RubyGems packages published to GitHub Packages…
Code scanning can now be easily setup with a few button clicks, and without committing a workflow file to the repository. Code scanning’s new default setup feature automatically finds and…
GitHub Advanced Security customers can view an event in their organization or enterprise audit log when an admin enables or disables push protection for a custom pattern at the repository,…
Learn about the design behind, and solutions to, several of GitHub’s CTF challenge for Ekoparty’s 2022 event!
As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
👋 We just finished releasing the last feature update of the year for Projects. It was relatively light, mainly composed of bug fixes and minor improvements to some of our…
Forrester’s Total Economic Impact™ study dives into how GitHub Enterprise Cloud and GitHub Advanced Security help businesses drive ROI, increase developer productivity, and save time on developer onboarding.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
