How GitHub volunteers built an open source metrics dashboard for the World Health Organization and some best practices they picked up along the way.

Generate and verify signed attestations for anything you make with GitHub Actions.

Today, we’re releasing a beta version of an open source GitHub App that manages private mirrors of public upstream repositories. The Private Mirrors App (PMA) enables organizations with regulatory or…

GitHub Artifact Attestations is generally available We’re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHub…

Improve your GitHub Action’s security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.

Learn how you can structure your enterprise to get the most value out of GitHub and provide the best experience for your developers!

Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities

Learn how to secure your GitHub Actions with these best practices! From controlling credentials to using specific action version tags, this cheat sheet will help you protect against supply-chain attacks. Don't let a malicious actor inject code into your repository - read now!

Reusable workflows offer a simple and powerful way to avoid copying and pasting workflows across your repositories.

Here’s a quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it.