Git Merge 2022 just wrapped up bringing the community together for 16 talks, three workshops, one Git Contributor Summit, and lots of great conversations over two days. Read on for more info, photos from the event, and all of the session recordings. ⌘ Read more
Git Merge 2022 just wrapped up bringing the community together for 16 talks, three workshops, one Git Contributor Summit, and lots of great conversations over two days. Read on for more info, photos from the event, and all of the session recordings. ⌘ Read more
Save the date! Game Off returns on November 1 for it’s 10th year! 🎉 ⌘ Read more
We’re always trying to improve the GitHub developer experience in meaningful ways, and we love learning from our customers. In the last several months we released several new fork capabilities, and we’re publishing revised fork documentation that gives more details with clearer explanations to make fork concepts easier to understand. ⌘ Read more
GitHub Actions changed how developers automate workflows with GitHub. Today, we’re introducing a new navigation to manage your GitHub Actions experience, improving discoverability and accessibility as well as opening up future feature opportunities. ⌘ Read more
Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode. ⌘ Read more
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens. ⌘ Read more
Upgrade your local installation of Git, especially when cloning with \
--recurse-submodules\ from untrusted repositories, or if you use \git shell\ interactive mode. ⌘ Read more
Upgrade your local installation of Git, especially when cloning with \\
--recurse-submodules\\ from untrusted repositories, or if you use \\git shell\\ interactive mode. ⌘ Read more
Read about how the GitHub Social Impact, Tech for Social Good and Policy teams participated in the 77th session of the United Nations General Assembly, including events we hosted with the World Health Organization and the UN Development Programme. ⌘ Read more
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease. ⌘ Read more
GitHub is sponsoring Open Source Initiative’s Deep Dive: AI because we think it’s important for the community to unpack how open source software, process, and principles can help best deliver on the promise of AI. ⌘ Read more
Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started. ⌘ Read more
New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process. ⌘ Read more
Explore 80+ content sessions delivered by over 120 different speakers, across two days and four content tracks, all designed to level up your skills. ⌘ Read more
Stay connected and up to date on your work with GitHub Projects on GitHub Mobile, now in public beta. ⌘ Read more
We’re excited that the World Intellectual Property Organization (WIPO) has launched the 2022 edition of its Global Innovation Index (GII) with an indicator of developer creative outputs based on GitHub commits. ⌘ Read more
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts. ⌘ Read more
The eleventh annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries. ⌘ Read more
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security. ⌘ Read more
In September, we experienced one incident that resulted in degraded performance across GitHub services. We also experienced one incident resulting in significant impact to Codespaces. We are still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in August and an incident that impacted Actions in August. ⌘ Read more
Develop your design and collaboration skills to get your clever intentions off the ground. ⌘ Read more
GitHub Universe is back and more robust than ever, with two great ways to engage with everything this global developer event has to offer. ⌘ Read more
Give back to open source projects during the month of October! This year, we’re encouraging more than code contributions: writing, design, advocacy, and financial donations. ⌘ Read more
Another new release of Git is here! Take a look at some of our highlights on what's new in Git 2.38. ⌘ Read more
Access to the open internet is essential to defending human rights, and developers have an important role in promoting freedom of expression and transparency. GitHub is committed to keeping Iranians connected to the global developer community. ⌘ Read more
Tech can be a tricky industry (to say the least). We talked with three tech professionals who share why they stay, what has helped them the most, and the power of switching things up. ⌘ Read more
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO. ⌘ Read more
Three new Campus Experts are joining the fall 2022 batch of the MLH Fellowship to work with open source maintainers and get real-world experience. ⌘ Read more
We’re launching GitHub for Startups to give your startup the tools needed to go from idea to unicorn status on the world's largest developer platform. ⌘ Read more
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations. ⌘ Read more
Students have the opportunity to connect with GitHub employees at GitHub Universe 2022 through Micro-Mentoring sessions hosted by GitHub Social Impact. ⌘ Read more
The ReadME Project & Podcast evolve with community expert voices and topics to stoke discussion about the culture and craft of software development. ⌘ Read more
As the home for developers, we understand the key role our communities play in steering digital transformation and maintaining societal infrastructure. That's why we choose to drive and support policies and initiatives like the Copenhagen Pledge on Tech for Democracy. We're committed to working with like-minded organizations, governments, and civil society to make digital technologies work for democracy and human rights, ... ⌘ Read more
Go beyond knowing GitHub as the home of open source and explore how GitHub Enterprise can help you transform your software engineering organization and practices. ⌘ Read more
GitHub this month installed a massive steel vault, etched with striking AI-generated art, deep within an Arctic mountain, finalizing its Arctic Code Vault. This vault contains the 188 reels of hardened archival film which will preserve the 02/02/202 snapshot of every active public GitHub repository for 1,000 years. It also now includes a ... ⌘ Read more
Three new Campus Experts are joining the fall 2022 batch of the MLH Fellowship to work with open source maintainers and get real-world experience. ⌘ Read more
Here are some actionable tips on how to ask your manager to send you to GitHub Universe this year—with a free template included! ⌘ Read more
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building. ⌘ Read more
The GitHub Actions team has done lots of work to improve the performance and resource consumption of Actions on GHES in the past year. ⌘ Read more
Developers all over the world are using GitHub Copilot to help speed up their development and increase developer productivity. With GitHub Copilot available to developers everywhere, we’ve found some fun and useful examples of how developers can use GitHub Copilot for things you may not be thinking about. ⌘ Read more
A tour of recent work to re-engineer Git’s garbage collection process to scale to our largest and most active repositories. ⌘ Read more
We’re thrilled to be back at the Grace Hopper Celebration at Open Source Day, the largest celebration of women in open source. Stop by and say hi at one of our workshops. ⌘ Read more
Calling all students and teachers! With semester change coming soon, now is the time to start using the latest features within GitHub Education and Global Campus! ⌘ Read more
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects. ⌘ Read more
After a year in technical preview, GitHub Copilot, an AI pair programmer, is now free for all teachers verified on GitHub Global Campus. ⌘ Read more
Read the new GitHub report on OSS in India, Kenya, Egypt, and Mexico. Available now in English, and in Spanish and Arabic later this year. ⌘ Read more
In August, we experienced one incident resulting in significant impact to Codespaces. We’re still investigating that incident and will include it in next month’s report. This report also sheds light into an incident that impacted Codespaces in July. ⌘ Read more
When the GitHub Copilot Technical Preview launched just over one year ago, we wanted to know one thing: Is this tool helping developers? Our research, using a combination of surveys and experiments, led us to expected and unexpected answers. ⌘ Read more
Live on September 15, 2022, with talks by industry experts in Spanish, Portuguese, and English, on topics including software development, security, technical project management, community, open source, professional development and best practices. ⌘ Read more
A software engineer’s personal journey to becoming an open source contributor. ⌘ Read more
We’ve been gearing up to launch GitHub Universe 2022 and our community has been launching cool projects left right and center. These projects include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of the open source projects that released major version updates this August. Read more about these projects in […] ⌘ Read more
This fifth and final part of our blog series exploring Git's internals shows several strategies for scaling your Git repositories that match related database sharding techniques. ⌘ Read more
Now your team can spend less time managing infrastructure and more time writing code. ⌘ Read more
Now your team can spend less time managing infrastructure and more time writing code. ⌘ Read more
We're examining Git’s internals to help make your engineering system more efficient. This post views Git as a distributed database and looks into its synchronization techniques, specifically ‘git fetch’ and ‘git push’. ⌘ Read more
Register now to attend GitHub Universe virtually or in-person at the Yerba Buena Center for the Arts in San Francisco on November 9-10. ⌘ Read more
Git’s file history queries use specialized algorithms that are tailored to common developer behavior. Level up your history spelunking skills by learning how different history modes behave and which ones to use when you need them. ⌘ Read more
This post explores Git commit history as a database where ‘git log’ is the query language. Learn about Git’s custom query index – the commit-graph file – and how to make sure it's enabled in your repositories. ⌘ Read more
This blog series will examine Git’s internals to help make your engineering system more efficient. Part I discusses how Git stores its data in packfiles using custom compression techniques. ⌘ Read more
The future of software development does not exist without open source. However, to maintain today’s software and create the software of the future, the largest organizations and beneficiaries of open source need to expand their collaboration with the community and help it grow. ⌘ Read more
Whether you’re committing 30 minutes or 3 hours a day to learning, consistency is key. Klint Finley asks 3 tech professionals at different stages in their career for more advice. ⌘ Read more
We've open sourced Trilogy, the database adapter we use to connect Ruby on Rails to MySQL-compatible database servers. ⌘ Read more
This month's featured open source project, Open Sauced, connects contributors and maintainers through analytical insights. ⌘ Read more
We are pleased to announce the full lineup of talks and workshops for this year’s Git Merge conference in Chicago. 17 talks, 3 workshops, 1 panel, and some great company! ⌘ Read more
As part of GitHub Enterprise Server 3.6, enterprise customers will now be able to use GitHub Discussions. ⌘ Read more
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6. ⌘ Read more
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports. ⌘ Read more
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com. ⌘ Read more
As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions. ⌘ Read more
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore. ⌘ Read more
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers. ⌘ Read more
While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of the open source projects that released major version updates this July. […] ⌘ Read more
From hosting private packages in a private repository to tightening your security profile with GITHUB\_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages. ⌘ Read more_
From hosting private packages in a private repository to tightening your security profile with GITHUB\\_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages. ⌘ Read more_
In July, we experienced one incident that resulted in degraded performance for Codespaces. This report also acknowledges two incidents that impacted multiple GitHub.com services in June. ⌘ Read more
Attention all students! Make managing your virtual hackathon events even easier with the new Hackathon In The Cloud Experience. ⌘ Read more
Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars. ⌘ Read more
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68. ⌘ Read more
It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of these open source projects that released major updates this […] ⌘ Read more
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more
Today, we are announcing the general availability of the new and improved Projects powered by GitHub Issues. GitHub Projects connects your planning directly to the work your teams are doing in GitHub and flexibly adapts to whatever your team needs at any point. ⌘ Read more
Today, we’re launching GitHub Community, which brings together GitHub Community Forum, GitHub Education Forum, and product feedback into a free, in-product, single space for all user-to-user interactions. ⌘ Read more
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm. ⌘ Read more
GitHub Issues is a core component of how developers get things done and, as we built more project planning capabilities into GitHub, we’ve found some fun and unique ways to use the new projects experience for personal productivity. ⌘ Read more
We strive to understand how developers collaborate and work on GitHub, and we sometimes partner with academics to better understand how we can improve our products. Here's how we did that to build and evolve GitHub Discussions. ⌘ Read more
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline. ⌘ Read more
July's Open Source Monthly features Zag.js, which leverages state machines to make framework agnostic components. ⌘ Read more
We surveyed more than 2,000 developers about whether GitHub Copilot helped them be more productive and improved their coding. Then, we matched this qualitative feedback and subjective perception with quantitative data around objective usage measurements and productivity. ⌘ Read more
Read about the six key themes, and tips for each, that ensure sustainable and healthy open source communities. ⌘ Read more
In June, we experienced four incidents resulting in significant impact to multiple GitHub.com services. This report also sheds light into an incident that impacted several GitHub.com services in May. ⌘ Read more
A Little Game Called Mario is an open source, collectively developed hell project. Anyone and everyone is welcome to contribute their unique talents to make both the player and developer experience more enjoyable. Find out how the collective leverages GitHub Actions to manage this wonderful little community. ⌘ Read more
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph. ⌘ Read more
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly. ⌘ Read more
High-quality Git commits are the key to a maintainable and collaborative open- or closed-source project. Learn strategies to improve and use commits to streamline your development process. ⌘ Read more
Maintainers answer your questions about how to manage an open source project that grows into a community. ⌘ Read more
Meet the 2022 MLH Fellowship cohort! This 12-week internship alternative is for aspiring software engineers, and powered by GitHub. ⌘ Read more
In this post I'll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I'll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome. ⌘ Read more
Monorepo performance can suffer due to the sheer number of files in your working directory. Git’s new builtin file system monitor makes it easy to speed up monorepo performance. ⌘ Read more
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6. ⌘ Read more