Search results for: actions

Learn some tips, tricks, and tools for mastering the command line from GitHub’s own developers.

A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.

As we work towards general availability of pull request merge queue, we want to thank everyone that has provided feedback ❤ (keep it coming!) and let you know about some…

npm packages built on a cloud CI/CD system (like GitHub Actions) can now publish with provenance, meaning the package has verifiable links back to its source code and build instructions.…

How to verifiably link npm packages to their source repository and build instructions.

Rapid advancements in generative AI coding tools like GitHub Copilot are accelerating the next wave of software development. Here’s what you need to know.

When changes in a repository make a Dependabot pull request out-of-date, Dependabot will automatically rebase it so that it is able to be merged without your manual effort. With this…

How GitHub Enterprise ensures secure and compliant developer workflows for highly regulated industries.

Code scanning default setup is now available for Go! Default setup automatically finds and sets up the best CodeQL configuration for your repository. It detects the languages in the repository…

Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.

Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily.…

In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.

With enterprise accounts for all, your organization can take advantage of all that GitHub Enterprise has to offer, from GitHub Actions and GitHub Advanced Security, to Copilot.

In March, we experienced six incidents that resulted in degraded performance across GitHub services. This report also sheds light into a February incident that resulted in degraded performance for GitHub Codespaces.

A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.

Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.

Learn how GitHub’s one, integrated platform–powered by AI and secure at every step—helps developer teams be more productive, collaborative, and efficient.

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

Today we are announcing the general availability (GA) of roadmaps in GitHub Projects! 🎉 🗺 Roadmaps for all Since we announced the public beta of roadmaps earlier this year, we’ve…

Code scanning have shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…

Enabling CodeQL analysis with code scanning default setup for eligible repositories in your organization is now as easy as a single click from the organization’s settings page or a single…