We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more. ⌘ Read more
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more. ⌘ Read more
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release. ⌘ Read more
To celebrate Maintainer Month, GitHub has invested an additional $500,000 to help sponsor the open source projects that it depends on. ⌘ Read more
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces. ⌘ Read more
We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects. ⌘ Read more
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance. ⌘ Read more
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities ⌘ Read more
Each month, we highlight open source projects that have shipped major updates. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. We cover what the project is and some of their breaking changes. Read about the project, and browse their repositories. Without further ado, here are our top staff picks […] ⌘ Read more
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit. ⌘ Read more
Git Merge, the conference dedicated to bringing the Git community together returns on September 14-15 in Chicago, Illinois. ⌘ Read more
Teams and GHEC customers can now create blazing fast codespaces, even for your largest and most complex projects. ⌘ Read more
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community. ⌘ Read more
Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub. ⌘ Read more
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States. ⌘ Read more
June's Open Source Monthly features Mondos–a community-focused company building software and hardware that designs digital devices with respect for users' time, attention, and well-being. ⌘ Read more
How can you robustly assert and identify a user’s identity? ⌘ Read more
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience. ⌘ Read more
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance. ⌘ Read more
We're excited to announce that we're open sourcing our Identity and Access Management solution: Entitlements. ⌘ Read more
Available in public beta today, we're announcing Achievements as a new way to commemorate milestones on GitHub. ⌘ Read more
We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022. ⌘ Read more
A personal story about building the feature you want and sharing it with the world. ⌘ Read more
Today, we’re announcing GitHub Skills, a new learning experience to help you throughout your GitHub journey. ⌘ Read more
CI/CD and workflow automation are native capabilities on GitHub platform. Here’s how to start using them and speed up your workflows. ⌘ Read more
Learn how you can securely manage users with the latest ships for GitHub Enterprise. ⌘ Read more
Read about all the features you may not have known come on the GitHub Free plan, and how to choose the right plan for you. ⌘ Read more
During the month of June, we’re holding space for open source maintainers to gather, share, and be celebrated. ⌘ Read more
In May, we experienced three distinct incidents resulting in significant impact to multiple services across GitHub.com. This report also sheds light into the billing incident that impacted Actions and Codespaces users in April. ⌘ Read more
Several ways for GitHub-hosted Actions runners to connect to resources on your private network. ⌘ Read more
GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities. ⌘ Read more
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security. ⌘ Read more
The recently-ended Gamedev.js Jam 2022 encouraged game developers to create web games and share their sources on GitHub. GitHub Star ⭐️ @end3r shares the best 13 entries and sees what experts and other participants think of them. ⌘ Read more
npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings. ⌘ Read more
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt. ⌘ Read more
We’re excited to announce some big improvements to our REST API documentation. We know developers rely on this documentation to integrate with GitHub, and we are committed to making it trustworthy, easy to find, and easy to use. ⌘ Read more
GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away! ⌘ Read more
It was another record year for our Security Bug Bounty program. We're excited to highlight some achievements we’ve made together with the bounty community from 2021! ⌘ Read more
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks on projects that shipped major version releases in April. Flyte 1.0 I was lucky enough to discover Flyte during Hacktoberfest last year. Now, Flyte has […] ⌘ Read more
Upgrade to GHES 3.2 or newer by June 3rd to continue using GitHub Connect. ⌘ Read more
Mathematical expressions are key to information sharing amongst engineers, scientists, data scientists, and mathematicians. Today we are pleased to announce that math expressions can be rendered in Markdown on GitHub using $$ as a delimiter for code blocks with math content or the $ delimiter for inline math expressions. ⌘ Read more
Learn about what GitHub is doing to make their products more inclusive, and what’s next. ⌘ Read more
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how. ⌘ Read more
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization. ⌘ Read more
At GitHub we use GitHub to build our own products, and the new projects experience is no different. Check out how our team uses projects to build powerful project planning for developers. ⌘ Read more
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices. ⌘ Read more
This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward. We are honored to be part of the experience and eager to celebrate this milestone. So on June 11 we celebrate the Class of 2022 and welcome them to […] ⌘ Read more
Introduction Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series–Open Source Monthly—will add to these efforts by helping: First-time contributors find the right project to contribute to Corporations and individuals find a new project to sponsor Open source maintainers gain more consistent contributors and sponsors […] ⌘ Read more
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience […] ⌘ Read more
You can now output and group custom Markdown content on the Actions run summary page. ⌘ Read more
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom! ⌘ Read more
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves. ⌘ Read more
20 of our favorite games plus source code from the latest Ludum Dare competition. ⌘ Read more
Teaching is a great way to not only help others but to better learn a topic yourself. ⌘ Read more
In April, we experienced two distinct incidents resulting in significant impact and degraded state of availability for Codespaces and GitHub Packages. ⌘ Read more
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. ⌘ Read more
This is the second and final post in a series describing friendly forks and alternative strategies for managing them. ⌘ Read more
Thanks to the efforts of the Elixir community, GitHub supports code navigation for Elixir repositories. Read how favorite language can add this support too! ⌘ Read more
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today. ⌘ Read more
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request. ⌘ Read more
The ZX Spectrum, one of the best-selling microcomputers of all time, celebrates its 40 years anniversary today. Read more about how the community is still active - creating new content, archiving old content, and hacking on all sorts of hardware. ⌘ Read more
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub. ⌘ Read more
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account. ⌘ Read more
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work. ⌘ Read more
The history of pre-receive hooks, how we discovered that the performance was problematic, and how we went about safely replacing them. ⌘ Read more
Organization profiles can now display custom content visible only to members of the organization. A new Member view can be tailored to show an alternative README and pinned private repositories. ⌘ Read more
We’re releasing exciting improvements that will streamline your Codespaces experience when working with multi-repository projects and monorepos. ⌘ Read more
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities. ⌘ Read more
Another new release of Git is here! Take a look at some of our highlights on what's new in Git 2.36. ⌘ Read more
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users. ⌘ Read more
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability. ⌘ Read more
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine. ⌘ Read more
Today, we’re excited to bring you a few new features that will help you communicate, collaborate, and connect seamlessly with teams and communities about the software you’re building with the help of GitHub Discussions. ⌘ Read more
How we sped up GitHub.com by moving slow, non-critical code into rack.after\\_reply. ⌘ Read more_
How we sped up GitHub.com by moving slow, non-critical code into rack.after\_reply. ⌘ Read more_
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks on projects that shipped major version releases in March. Babylon.js 5.0 We featured Babylon.js in the November 2020 Release Radar. Since then, Babylon.js has come […] ⌘ Read more
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy. ⌘ Read more
Learn how to build packages with SLSA 3 provenance using GitHub Actions. ⌘ Read more
In March, we experienced several incidents resulting in significant impact to multiple GitHub services. ⌘ Read more
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code. ⌘ Read more
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure. ⌘ Read more
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub. ⌘ Read more
Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature. ⌘ Read more
We believe our technical interviews should be as similar as possible to the way we work at GitHub. ⌘ Read more
GitHub Copilot is now available from Visual Studio 2022 for everyone in the technical preview. ⌘ Read more
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user accounts, commonly used dependencies, and also build systems. Defending against these attacks is hard, because there’s no one thing you can do to protect your […] ⌘ Read more
GitHub Education is fired up for the return of Next.Tech’s developer community competition: Break the Code 2. We've hacked in some new enigmas, cheat codes, and easter eggs for digital sleuths to uncover! ⌘ Read more
Over the past few weeks, we have experienced multiple incidents due to the health of our database. We wanted to share what we know about these incidents while our team continues to address them. ⌘ Read more
You can now enforce consistent usage of self-hosted runner groups across your organization and enterprise. ⌘ Read more
Today, we are rolling out a new beta version of GitHub’s home feed, making it easier to discover projects, developers and more across GitHub. ⌘ Read more
If you're a GHES customer with heavy read traffic on your monorepo, check out the repository cache, especially if you have CI workloads distributed around the world. ⌘ Read more
You can now create a branch to work on an issue directly from the issue page so that it's easier to get started right away. ⌘ Read more
If there's one habit that can make software more secure, it's probably input validation. Here's how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code. ⌘ Read more
Our community has shipped lots of open source project updates in the last month. Here's a few of our staff picks. ⌘ Read more
It is now possible to re-run only failed jobs or a single job in GitHub Actions workflows. ⌘ Read more
We've introduced several new features to help enterprise owners more easily manage their accounts, including two features now in public beta. ⌘ Read more
In February, we experienced one incident resulting in significant impact to multiple GitHub services. ⌘ Read more
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers. ⌘ Read more
Explore and understand your overall GitHub-hosted Actions runner capacity with the new runner view. ⌘ Read more
The ability to prebuild codespaces is entering public beta. Enable fast environment creation times, regardless of the size and complexity of your repositories. ⌘ Read more
In-line with the other categories, workflows in the Security category will be recommended based on a repository's content. ⌘ Read more