hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity
This is an active, ongoing attack campaign. We are continuing to monitor hackerbot-claw's activity and will update this post as new information becomes available. Community Webinar RecordingWe recently hosted a live community webinar where we broke down all five exploitation techniques in detail. During the session, we walked through the actual workflow files, analyzed the build logs, and demonstr
Changes to GitHub Dependabot pull request comment commands - GitHub Changelog
Menu. Currently selected: Dependabot comment command deprecations As we announced in October of 2025, we deprecated several Dependabot-specific pull request comment commands today in favor of GitHub’s native pull request features and functionality. This change is intended to reduce confusion, improve reliability, and encourage use of the GitHub platform’s built-in tools for working with pull reque
New repository settings for configuring pull request access - GitHub Changelog
Menu. Currently selected: Disable pull requests entirely Maintainers now have more control over how repositories accept contributions. Two new settings let you manage pull requests to better match your project’s needs. Disable pull requests entirely You can now turn off pull requests entirely from your repository’s Settings, just like you can with wikis, issues, discussions, and projects. When dis
GitHub - mitchellh/vouch: A community trust management system based on explicit vouches to participate.
A community trust management system. FAQ · Contributing People must be vouched for before interacting with certain parts of a project (the exact parts are configurable to the project to enforce). People can also be explicitly denounced to block them from interacting with the project. The implementation is generic and can be used by any project on any code forge, but we provide GitHub integration o
GitHub Agentic Workflows
Repository automation, running the coding agents you know and love, with strong guardrails in GitHub Actions. Imagine a world where improvements to your repositories are automatically delivered each morning, ready for you to review. Issues are automatically triaged, CI failures analyzed, documentation maintained and tests improved. All defined via simple markdown files. GitHub Agentic Workflows de
Upcoming changes to GitHub Events API payloads - GitHub Changelog
Summary We’re introducing improvements to the GitHub Activity Events API to provide a fresher, more scalable experience for everyone using GitHub event data. By reducing the size of data payloads, we’re improving performance, reducing latency, and making our systems more efficient and responsive for all users. What’s changing Discussion events: You’ll be able to query events from discussion activi
Improved search for GitHub Issues in public preview - GitHub Changelog
It’s now easier than ever to find exactly the issue you’re looking for with our improved search for GitHub Issues. Built on our new semantic index, you can now find results based on the meaning of your query, not just the keywords you use. What’s new Search for issues using natural language like “authentication failing on mobile†or “funny timeline behaviorâ€, and GitHub returns conceptually simila
arm64 standard runners are now available in private repositories - GitHub Changelog
arm64 standard runners are now available in private repositories Linux and Windows arm64 standard GitHub-hosted runners are now supported in private repositories. You can now use these free-tier eligible arm64 runners in all repositories, letting you take advantage of the performance benefits of arm64 processors and run native multi-architecture builds without the overhead of virtualization or emu
Actions pull_request_target and environment branch protections changes - GitHub Changelog
Actions pull_request_target and environment branch protections changes GitHub is updating how GitHub Actions’ pull_request_target and environment branch protection rules are evaluated for pull-request-related events. These changes will take effect on 12/8/2025. They aim to reduce security critical edge cases in how these events operate on user-controlled branches that may result in unexpected exec
Pricing changes for GitHub Actions
TLDR: We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach. We are continuing to reduce hosted-runners prices by up to 39% on January 1, 2026. We’ve read your posts and heard your feedback. We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach. We are continuing to reduc
Repository dashboard: Find, search, and save queries in preview - GitHub Changelog
Repository dashboard: Find, search, and save queries in preview Finding the right repository can feel like searching for a needle in a haystack. When you’re juggling multiple projects or collaborating across teams, keeping track of repositories becomes overwhelming. The new repository dashboard preview makes it easy to find and curate a saved view of repositories you have access to, all in one pla
Accessible notifications and messages
Accessible notifications and messagesHow to ensure updates and messages are communicated in an inclusive way. Overview Assistive technology announcements These general guidelines can help you determine when assistive technology should output a message. This helps to ensure everyone understands important updates to an experience. Guidelines Always: Announce location changes — Help users understand
Linter integration with Copilot code review now in public preview - GitHub Changelog
Menu. Currently selected: New static analysis tools in Copilot code review Copilot code review now surfaces actionable feedback from linters, so the small stuff is never missed—and you can customize which linters are used via repository rulesets. This feature is available in public preview for paid GitHub users. New static analysis tools in Copilot code review In addition to CodeQL quality detecti
GitHub Actions cache size can now exceed 10 GB per repository - GitHub Changelog
Menu. Currently selected: GitHub Actions cache size can now exceed 10 GB per repository GitHub Actions cache size can now exceed 10 GB per repository You can now store more build dependencies between workflow runs with expanded GitHub Actions cache storage. Repositories can go beyond the previous 10 GB per-repository cache cap using a pay-as-you-go model. All repositories will continue to receive
GitHub Actionsã§ESLintã®Shardingを実装ã—ã¦ã€CIã®å®Ÿè¡Œæ™‚é–“ã‚’51%削減ã—ã¾ã—㟠- newmo 技術ブãƒã‚°
newmoã§ã¯ã€pnpm workspaceã§ç®¡ç†ã—ã¦ã„る複数ã®ã‚¢ãƒ—リケーションやライブラリã«å¯¾ã—ã¦ESLintを実行ã—ã¦ã„ã¾ã™ã€‚ プãƒã‚¸ã‚§ã‚¯ãƒˆã®æˆé•·ã¨ã¨ã‚‚ã«Lint対象ã®ãƒ•ã‚¡ã‚¤ãƒ«æ•°ãŒå¢—åŠ ã—ã€CI実行時間ã¨ãƒ¡ãƒ¢ãƒªä½¿ç”¨é‡ãŒå¢—åŠ ã—ã¦ã„ã¾ã—ãŸã€‚GitHub Actionsã®matrixオプションを使用ã—ãŸå‹•çš„ãªShardingを実装ã—ã€ã“れらã®å•é¡Œã«å¯¾å¿œã—ã¾ã—ãŸã€‚ newmoフãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ã®é–‹ç™ºåŽŸå‰‡ newmoã®ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰é–‹ç™ºã§ã¯ã€æ¬¡ã®åŽŸå‰‡ã‚’é‡è¦–ã—ã¦ã„ã¾ã™ã€‚ 1ã¤ç›®ã¯ã€ã€ŒåŒã˜ç›®çš„ã‚’é”æˆã™ã‚‹ãŸã‚ã®æ‰‹æ®µã‚’統一ã™ã‚‹ã€ã¨ã„ã†åŽŸå‰‡ã§ã™ã€‚åŒã˜ç›®çš„ã«å¯¾ã™ã‚‹è¤‡æ•°ã®æ‰‹æ®µãŒæ··åœ¨ã™ã‚‹ã‚ˆã‚Šã‚‚ã€çµ±ä¸€ã—ãŸæ‰‹æ®µã‚’使ã†ã“ã¨ã§å¦ç¿’コストやä¿å®ˆã‚³ã‚¹ãƒˆã‚’削減ã§ãã¾ã™ã€‚例ãˆã°ã€npmパッケージã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ç®¡ç†ã§ã¯ã€One Version Ruleã«åŸºã¥ãã€åŒã˜ç›®çš„ã‚’æŒã¤ãƒ©ã‚¤ãƒ–ラリã¯1ã¤ã«çµžã£ã¦ã„ã¾ã™ã€‚ã“ã‚Œã¯ã€ŒåŒã˜ã‚³ãƒ¼ãƒ‰ã‚’書ã‹ãªã„ã€
Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1
AI & MLLearn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry. Generative AILearn how to build with generative AI. GitHub CopilotChange how you work with GitHub Copilot. LLMsEverything developers need to know about LLMs. Machine learningMachine learning tips, tricks, and best practices. How AI code generation worksExplore the capabilities and be
ランã‚ング
ãŠçŸ¥ã‚‰ã›
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - ushironoko/octorus: TUI PR review tool for GitHub
Towards a secure by default GitHub Actions · community · Discussion #179107
Release v6.0.0 · actions/setup-node
GitHub - danielroe/provenance-action: Fail CI when dependencies in your lockfile lose npm provenance or trusted publisher status
{{#tags}}- {{label}}
{{/tags}}