The GitHub Blog

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

GitHub was honored to contribute to the Santa Clara Principles on Transparency and Accountability in Content Moderation 2.0.

In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.

When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content.

Codespaces is a great tool for technical hiring exercises and helps level the playing field for candidates.

Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.

This blog post tells the story of why we built a new search engine optimized for code.

Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.

Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.