A layered diagram showing GitHub Enterprise at the top flowing down through Organisation to a personal repository with a padlock overlay, representing policy inheritance

When Your Workplace Controls Your Personal GitHub Repos: Understanding GitHub Org Policies

I was hardening this blog’s GitHub repository as part of a security series — adding CodeQL static analysis, Dependabot, and secret scanning. Everything went smoothly until I tried to run CodeQL in a workflow against my personal, private repository. The workflow ran. The analysis completed. And then it failed with this: “Warning: This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. Code scanning is not enabled for this repository.” The repository settings showed Code Scanning as available. The workflow had “security-events: write”. The YAML was valid. The workflow was not running from a fork. Nothing obvious was wrong. ...
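The excerpt describes a workflow that already carried the right permission and still failed. As an added example (not code from the post), the script below emits the minimal CodeQL workflow with that job-level permission, checks a workflow file for it, and queries the repository's security features through the gh CLI. The repository name, workflow path and analysed language are placeholders. A correct permissions block is necessary but not sufficient: the repository itself must have code scanning enabled in its security settings, and when that toggle cannot be changed from the repository, the setting is being governed above it.

```shell
#!/bin/sh
# Added example, not the post's own workflow. Placeholders: repository name
# passed as $1, .github/workflows/codeql.yml, language "javascript".
set -eu

# Emit a minimal CodeQL workflow. The CodeQL Action needs
# security-events: write on the job to upload its results.
codeql_workflow_yaml() {
  cat <<'EOF'
name: CodeQL
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript
      - uses: github/codeql-action/analyze@v3
EOF
}

# Exit 0 if the given workflow file grants security-events: write
# (a full line, so "security-events: read" does not match).
has_security_events_write() {
  grep -Eq '^[[:space:]]*security-events:[[:space:]]*write[[:space:]]*$' "$1"
}

# Show the repository's security features as the API reports them
# (requires an authenticated gh CLI). If advanced security / code scanning
# is not enabled here and the repository settings will not let you enable
# it, the organisation or enterprise that owns the repository is deciding.
repo_security_status() {
  gh api "repos/$1" --jq '.security_and_analysis'
}

# Usage: ./codeql-check.sh write            -> writes the workflow file
#        ./codeql-check.sh owner/repo       -> prints security features
case "${1:-}" in
  write)
    mkdir -p .github/workflows
    codeql_workflow_yaml > .github/workflows/codeql.yml
    has_security_events_write .github/workflows/codeql.yml
    ;;
  "") ;;
  *) repo_security_status "$1" ;;
esac
```

The file check only proves the workflow side is right; the API query is what tells you whether the repository is allowed to accept uploads at all.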

April 1, 2026 · 7 min · 1371 words · eakangk
Signed Git commit verification badge on GitHub

How and Why Should You Sign Git Commits with GPG: A Practical Guide

So you were going through commits in your organisation’s repository and saw a little “Verified” badge next to the commit hash. Wondered how their commit got Verified? GitHub certainly doesn’t have a subscription that will give you a “Verified” badge like some other social media platforms. You know the one I’m talking about. So what does it mean? How do you get that? Let’s explore. What Is Git Commit Signing? Do you remember how you configured Git on your machine? You probably ran a couple of commands like these: ...
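As an added example, not the commands from the post, the script below does the whole setup the post's title promises: generate a GPG key unattended, find its long key ID, point Git at it, export the public key for GitHub, and verify a commit's signature. The name, email and sample key listing are placeholders constructed for this example.

```shell
#!/bin/sh
# Added example, not the post's own commands. Placeholders: "Your Name",
# you@example.com, and the constructed gpg listing used in comments.
set -eu

# Parameters for `gpg --batch --generate-key`. The key is passphrase-
# protected: gpg prompts for it through the agent when the key is made.
gpg_batch_params() {
  cat <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: $1
Name-Email: $2
Expire-Date: 1y
%commit
EOF
}

# Read `gpg --list-secret-keys --with-colons` output on stdin and print
# the long key ID (field 5 of the "sec" record) of the last secret key.
# Example record: sec:u:4096:1:0A1B2C3D4E5F6789:1700000000::u:::scESC::::::23::0:
key_id_from_colons() {
  awk -F: '$1 == "sec" { id = $5 } END { print id }'
}

# Long key ID of the newest secret key whose user ID matches an email.
signing_key_id() {
  gpg --list-secret-keys --with-colons "$1" | key_id_from_colons
}

# Tell Git which key to use and sign every commit by default.
configure_git_signing() {
  git config --global user.signingkey "$1"
  git config --global commit.gpgsign true
}

# ASCII-armored public key: paste this into GitHub under
# Settings -> SSH and GPG keys. The email on the key must be an address
# verified on your GitHub account, or commits show as "Unverified".
export_public_key() {
  gpg --armor --export "$1"
}

# Non-zero exit if HEAD is unsigned or the signature does not check out.
verify_head() {
  git verify-commit HEAD
}

# Usage: ./sign-setup.sh setup   -> create key, configure Git, print pubkey
#        ./sign-setup.sh verify  -> verify the signature on HEAD
case "${1:-}" in
  setup)
    gpg_batch_params "Your Name" "you@example.com" | gpg --batch --generate-key
    key_id=$(signing_key_id you@example.com)
    configure_git_signing "$key_id"
    export_public_key "$key_id"
    ;;
  verify) verify_head ;;
  "") ;;
esac
```

After `setup`, make a commit and run `git log --show-signature -1`; a good signature locally plus the public key uploaded to GitHub with a matching verified email is what produces the badge.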

December 12, 2024 · 6 min · 1132 words · eakangk