Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages.
Attention all students! Make managing your virtual hackathon events even easier with the new Hackathon in the Cloud Experience.
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68.
As part of GitHub Enterprise Server 3.6, enterprise customers will now be able to use GitHub Discussions.
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6.
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports.
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com.
As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions.
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
In July, we experienced one incident that resulted in degraded performance for Codespaces. This report also acknowledges two incidents that impacted multiple GitHub.com services in June.
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline.
In June, we experienced four incidents resulting in significant impact to multiple GitHub.com services. This report also sheds light into an incident that impacted several GitHub.com services in May.
As part of GitHub Enterprise Server 3.6, enterprise customers will now be able to use GitHub Discussions.
While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include…
Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars.
It's been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects…
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6.
We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects.
We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022.
A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it.
As part of GitHub Enterprise Server 3.6, enterprise customers will now be able to use GitHub Discussions.
A picture tells a thousand words. Now you can quickly create and edit diagrams in markdown using words with Mermaid support in your Markdown files.
As part of GitHub Enterprise Server 3.6, enterprise customers will now be able to use GitHub Discussions.
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6.
As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions.
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages.
Today, we are announcing the general availability of the new and improved Projects powered by GitHub Issues. GitHub Projects connects your planning directly to the work your teams are doing in GitHub and flexibly adapts to whatever your team needs at any point.
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly.
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include…
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68.
It's been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects…
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
As part of GitHub Enterprise Server 3.6, enterprise customers will now be able to use GitHub Discussions.
GitHub Discussions and Audit Log Streaming, new automation features, and security enhancements are available now in GitHub Enterprise Server 3.6.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
Attention all students! Make managing your virtual hackathon events even easier with the new Hackathon in the Cloud Experience.
Meet the 2022 MLH Fellowship cohort! This 12-week internship alternative is for aspiring software engineers, and powered by GitHub.
Are you a student who is new to open source or just starting your maintainer journey? GitHub Global Campus’ Community Exchange can help you make that first contribution or grow your open source project.
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports.
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces.
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com.
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly.
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.