Anyone can now provide additional information to further the community’s understanding and awareness of security advisories. ⌘ Read more
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities. ⌘ Read more
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts. ⌘ Read more
Tips from our developer advocates on how and why to find a mentor. ⌘ Read more
Practical tips on how to apply OWASP Top 10 Proactive Control C4. ⌘ Read more
The GitHub Enterprise Server 3.4 release candidate delivers enhancements to make life easier and more productive, from keyboard shortcuts to auto-generated release notes! ⌘ Read more
Over the past year, the GitHub Stars have made a tremendous impact in the community with their influence, inspiring and building communities and creating content to help everyone. ⌘ Read more
The MLH Fellowship, powered by GitHub, is a 12-week internship alternative for aspiring software engineers. Meet the 2022 cohort! ⌘ Read more
A picture tells a thousand words. Now you can quickly create and edit diagrams in markdown using words with Mermaid support in your Markdown files. ⌘ Read more
Stop context switching. Keep your team’s project planning next to your code. ⌘ Read more
Reusable workflows offer a simple and powerful way to avoid copying and pasting workflows across your repositories. ⌘ Read more
A comprehensive guide for vulnerability reporters. ⌘ Read more
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate. ⌘ Read more
Here are January's top staff picks on projects that shipped major version releases. ⌘ Read more
In January, we experienced no incidents resulting in service downtime to our core services. ⌘ Read more
A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it. ⌘ Read more
Along with the release of sponsors-only repositories, here’s a look at what’s new and what’s next for Sponsors. ⌘ Read more
A deep dive into how GitHub adds support for new languages to CodeQL. ⌘ Read more
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents. ⌘ Read more
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions! ⌘ Read more
In GitHub's latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal. ⌘ Read more
When it comes to secure database access, there's more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance. ⌘ Read more
Learn new skills, build projects and meet like-minded students with the latest shows from the GitHub Education Stream Team. ⌘ Read more
The open source Git project just released Git 2.35. Here's GitHub's look at some of the most interesting features and changes introduced since last time. ⌘ Read more
Many of us were wrapping up projects, emails, events, and getting ready for Christmas. While we were all busy getting ready for the festive season, our community was still hard at work shipping open source ⌘ Read more
When digital infrastructure is overlooked by governments, it isn't just a missed opportunity: policies may inadvertently endanger open source collaboration. ⌘ Read more
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google. ⌘ Read more
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science. ⌘ Read more
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! 🤘🏻 ⌘ Read more
From answering questions about a new release to fielding feature requests, here’s how five open source communities use GitHub Discussions. ⌘ Read more
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit to share how securing open source begins by empowering developers. ⌘ Read more
Learn how the GitHub Mobile Team automates their release process with GitHub Actions. ⌘ Read more
In December, we experienced no incidents resulting in service downtime to our core services. ⌘ Read more
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community. ⌘ Read more
As the year winds down, we're highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers. ⌘ Read more
GitHub was honored to contribute to the Santa Clara Principles on Transparency and Accountability in Content Moderation 2.0. ⌘ Read more
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries. ⌘ Read more
When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content. ⌘ Read more
Codespaces is a great tool for technical hiring exercises and helps level the playing field for candidates. ⌘ Read more
Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one's for you. ⌘ Read more
This blog post tells the story of why we built a new search engine optimized for code. ⌘ Read more
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories. ⌘ Read more
Defining your security requirements is the most important proactive control you can implement for your project. Here's how. ⌘ Read more
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228. ⌘ Read more
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links. ⌘ Read more
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests. ⌘ Read more
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language. ⌘ Read more
Code navigation is now available in PRs, and code navigation results for Python are now more precise. ⌘ Read more
Today, we are rolling out a technology preview for GitHub code search, the next iteration for search, discovery, and navigation on GitHub. ⌘ Read more
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories. ⌘ Read more
Today we're introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7. ⌘ Read more
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place. ⌘ Read more
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow. ⌘ Read more
The end of the year is getting closer, and our communities are busy working away on their projects. While you’ve all been busy maintaining open source projects and shipping releases, we’ve created a new open ⌘ Read more
In November, we experienced one incident resulting in significant impact and degraded state of availability for multiple services. ⌘ Read more
You can multiply the impact of your domain experts by building their common workflows into ChatOps. ⌘ Read more
Are you a student in India? Applications are open for the GitHub Externships Winter Cohort! ⌘ Read more
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows. ⌘ Read more
DRY your Actions configuration with reusable workflows (and more!) ⌘ Read more
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens. ⌘ Read more
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab's @kevinbackhouse describes enrolling a project. ⌘ Read more
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research. ⌘ Read more
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way. ⌘ Read more
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience. ⌘ Read more
A public beta of the new GitHub Issues, a "security manager" role for organizations, a command palette beta, and lots more. ⌘ Read more
Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account. ⌘ Read more
GitHub puts the needs of developers at the core of our content moderation policies. Learn more about our approach and how you can contribute. ⌘ Read more
All newly created GraphQL objects now have IDs that conform to a new format, which we refer to as "next IDs." Learn how to migrate older IDs to the new format and why we're making the change. ⌘ Read more
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base. ⌘ Read more
The State of the Octoverse analyzes data from millions of developers & repos to share trends across working habits, productivity, and career satisfaction. ⌘ Read more
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm. ⌘ Read more
To celebrate this most recent release, here's GitHub's look at some of the most interesting features and changes introduced since last time. ⌘ Read more
What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for Hacktoberfest, with many first-time contributors ⌘ Read more
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here's what we've got planned! ⌘ Read more
Here are a few ways our teams use GitHub Discussions internally to build community, simplify workflows, and get key insights into our work. ⌘ Read more
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo. ⌘ Read more
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode. ⌘ Read more
When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants. ⌘ Read more
In October, we experienced one incident resulting in significant impact and degraded state of availability for the GitHub Codespaces service. ⌘ Read more
Tips on how to get started using GitHub Actions and resources to learn more about making it work for you. ⌘ Read more
This morning, I shared the following post with Hubbers in response to Nat’s announcement about his next adventure. I am thrilled to take on the role of CEO to build the next phase of GitHub for our global community of software developers. ⌘ Read more
This morning, I sent the following post to the GitHub team. TL;DR: I’m moving on to my next adventure, and Thomas Dohmke (currently Chief Product Officer) will be GitHub’s next CEO. ⌘ Read more
This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project. ⌘ Read more
The theme for this year’s Game Off is… …BUG! Your challenge, should you choose to accept it, is to create a game between now and December 1 incorporating the theme somehow, and submit it to ⌘ Read more
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program: @yvvdwf ⌘ Read more
Maintainers can now limit who can approve and request changes on pull requests. You can also close issues and block users via your phone. ⌘ Read more
It’s that time of year again where I like to share seasonally spooktacular games plus source code—a goldmine of material for (a) those looking for coffee-break entertainment, (b) those interested in learning more about game ⌘ Read more
Since last year’s GitHub Universe, we’ve shipped more than 20,000 improvements to GitHub for developers, open source communities, and enterprise teams. Here’s a comprehensive overview of what we’re announcing at Universe this week. ⌘ Read more
The 49th Ludum Dare game jam just wrapped up with almost 3000 entries. Here’s a peek at some of the highest-rated entries that you can play, plus their source code that you can poke around ⌘ Read more
GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool. ⌘ Read more
GitHub Marketplace just passed 10,000 published actions! Learn about contributing to this growing open source ecosystem. ⌘ Read more
In the past two years, GitHub has doubled in size, welcoming more than 760 new Hubbers in 2021 alone. This past year we particularly focused on our goal of making GitHub more equitable. We saw growth in our diversity representation, whose population increased at a higher rate than the company itself. ⌘ Read more
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings. ⌘ Read more
We sat down with Universe hosts Lorena Mesa and Jarryd McCree for a quick Q&A to help you make the most out of your conference experience this year. ⌘ Read more
Game Off is an annual game jam (or “hackathon for building games”) that’s a little different from most—it lasts for the entire month of November—not just a weekend or a few days. It’s the perfect ⌘ Read more
Heading back to school? Did you just graduate? The GitHub Education Stream Team (GEST) is sharing resources, tools, and more to help emerging developers land a job. Student leaders from around the world are creating and hosting shows to grow the tech community and share information you won’t find in the classroom. ⌘ Read more
As part of our ongoing commitment to ensure GitHub’s conferences are accessible and inclusive to people from all walks of life, we’re offering 30-minute, 1:1 micro-mentoring sessions with GitHub employees. ⌘ Read more
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client - GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys. ⌘ Read more
The Northern Hemisphere has hit fall, and the southern is starting to warm into summer. September has been a busy time for our community. Maintainers have been getting their repositories ready for Hacktoberfest, joining us ⌘ Read more