2022 Transparency Report
Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.
Git users are encouraged to upgrade to the latest version, especially if they use `git apply` or `git clone` against untrusted patches or repositories.
Welcome to our special edition of the Release Radar 🎄. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has…
Dependency graph automatically supports many ecosystems, but some additional ecosystems require configuration to submit dependencies with the dependency submission API. The community maintains several GitHub Actions that make this easier.…
CodeQL is the engine that powers GitHub code scanning, used by more than 100,000 repositories to catch security vulnerabilities before they cause issues in deployments. CodeQL is fully integrated into…
The GitHub Enterprise Server 3.8 release candidate is here. GitHub Enterprise Server 3.8 brings new capabilities to help companies build and deliver secure software, more quickly. With over 100 new…
Explore how the GitHub Docs team uses GitHub Projects for content coordination, reviews, and publishing.
Update to the latest version of Desktop and previous version of Atom before February 2.
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
Laying the groundwork for developer-enabled compliance.
In the spirit of continuing to improve our invitation experience, we are bringing a few more enhancements to the UI and APIs to better support invitation management experiences. From today…
On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…
Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.
Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.
Support for GitHub CLI extensions has been expanded with new authorship tools and more ways to discover and install custom commands. Learn how to write powerful extensions in Go and find new commands to install.
Today’s Changelog brings you the addition of project events to Issue and Pull Request timelines, Issue forms for private repositories, and more! 👀 Project events in item timelines (Public Beta)…
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
What’s new? Starting today, Dependabot will pause automated pull request activity if you haven’t merged, closed, or otherwise interacted with Dependabot for over 90 days. To resume activity when you’re…
Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).
The GitHub Packages RubyGems registry now runs on a new architecture, unlocking great new capabilities: Publishing packages at organization level with GitHub Packages Previously, RubyGems packages published to GitHub Packages…
Code scanning can now be easily set up with a few button clicks, and without committing a workflow file to the repository. Code scanning’s new default setup feature automatically finds and…