GitHub Actions for security and compliance

When thinking about automating developer workflows, the first things that come to mind for most are traditional CI/CD tasks: build, test, and deploy. However, many other common tasks can benefit from automation outside of traditional deployment pipelines. GitHub Actions can automate several common security and compliance tasks, which can be adopted in any GitHub repository, […]

Introducing the organization-level security manager role

Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The “security manager” role can be applied to any team and grants the team’s members the following permissions: read access on all repositories in the organization; write access on all security alerts in the organization; access to the organization-level […]

GitHub Marketplace welcomes its 10,000th action

By now, you’ve probably heard of GitHub Actions, the automation and CI/CD engine built right into GitHub. What’s cool is that you can make individual tasks into actions and share them with the world on GitHub Marketplace. Developers can then discover and use these actions in their workflows. Read on to find out more about […]

Dependency graph now supports the Poetry package manager

Dependency graph now supports detecting Python dependencies in repositories that use the Poetry package manager. Dependencies will be detected from both pyproject.toml and poetry.lock manifest files. We will detect dependencies from existing manifest files over the next few weeks, or sooner if the manifest file is updated. Learn more about dependency graph

Repository Advisories Support Multiple Affected Products

If you are posting or editing a draft repository Security Advisory and the vulnerability impacts multiple packages and/or ecosystems, you can now identify all applicable affected products in the advisory. In the past, users needed to publish multiple advisories for the same vulnerability because they could only select one ecosystem and package per advisory. Learn […]

Improvements to GitHub Releases – generally available

GitHub is where developers come to learn and celebrate what’s new in open source, and where maintainers share, collaborate and celebrate their community’s work. Starting today, two improvements to the release process on GitHub are generally available: Maintainers can now automatically generate release notes, giving them a summary of all the pull requests for a […]

Keyboard shortcuts for quotes and lists

We’ve added keyboard shortcuts for quotes and lists in Markdown files, issues, PRs and comments. To add quotes, use cmd+shift+. on Mac or ctrl+shift+. on Windows/Linux. To add an ordered list, use cmd+shift+7 on Mac or ctrl+shift+7 on Windows/Linux. To add an unordered list, use cmd+shift+8 on Mac or ctrl+shift+8 on Windows/Linux. For a full […]

GitHub Actions: The Windows 2016 runner image will be removed from GitHub-hosted runners on March 15, 2022

As part of our ongoing efforts to keep GitHub-hosted runners updated and secure, the Windows 2016 virtual environment will be removed from GitHub Actions on March 15, 2022. We recommend you change jobs using runs-on: windows-2016 to use runs-on: windows-latest, which will ensure you’re always running on the latest version of Windows Server. If you […]