Maintainers Archives
…Investing in the people shaping open source and securing the future together See how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help…
Search
Securing the git push pipeline: Responding to a critical remote code execution vulnerability
…Alexis has 20 years of experience defending critical national and private sector networks, spanning positions with the Department of Defense and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency…
GitHub Universe is back: We want you to take the stage
…secure GitHub Actions patterns (with Copilot as a trusty sidekick) that helped teams speed up workflows while keeping security front and center. Dream it in the morning, build it in the afternoon…
LLMs Archives
…Security architecture of GitHub Agentic Workflows GitHub Agentic Workflows are built with isolation, constrained outputs, and comprehensive logging. Learn how our threat model and security architecture help teams run agents safely in…
A year of open source vulnerability trends: CVEs, advisories, and malware
…Request a CVE directly from your repository security advisory, and we’ll take care of curating and publishing it for you. It’s free, it’s fast, and it helps the entire…
Upcoming change to Copilot usage metrics report download URLs - GitHub Changelog
…Enterprise security teams have a predictable, trustworthy domain to allowlist. Automation scripts and integrations are not disrupted by domain changes. For more information, see the Copilot allowlist reference . Join the discussion within…
Validating agentic behavior when “correct” isn’t deterministic
…This framework for the Trust Layer provides: Efficient learning: Automatic derivation of ground truth from passing examples. Operational robustness: Secure handling of non-deterministic behavior and environmental noise. Total transparency: Explainable results…
Actions OIDC tokens now support repository custom properties - GitHub Changelog
…View and manage OIDC token claim configuration from a new UI at the repository, organization, and enterprise level. You can then reference this claim in your cloud provider’s trust policy to…
Welcome to Maintainer Month: Celebrating the people behind the code
…Open source runs on maintainers, and we’re proud to partner with GitHub to celebrate and support them. As the ecosystem scales, maintainers are doing more than ever to keep projects secure…
A cheat sheet to slash commands in GitHub Copilot CLI
…Now you can clean up errors, run tests, and get code explanations right from the CLI, without leaving your terminal. Clarity and security : Commands like /add-dir and /list-dirs give clear…