Fixing security vulnerabilities with AI
A peek under the hood of GitHub Advanced Security code scanning autofix.
The GitHub Blog
GitHub Availability Report: January 2024
In January, we experienced three incidents that resulted in degraded performance across GitHub services.
Bringing npm registry services to GitHub Codespaces
The npm engineering team recently transitioned to using GitHub Codespaces for local development for npm registry services. This shift to Codespaces has substantially reduced the friction of our inner development loop and boosted developer productivity.
Powering advancements of AI in the open: Apply now to GitHub Accelerator
Funding AI advancements in the open, and opening applications for second Accelerator cohort.
Get started with v4 of GitHub Actions Artifacts
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
Latest posts
Copilot in GitHub Support is now available!
Experience AI-powered assistance for queries related to GitHub topics.
GitHub's Engineering Fundamentals program: How we deliver on availability, security, and accessibility
The Fundamentals program has helped us address tech debt, improve reliability, and enhance observability of our engineering systems.
AppSec is harder than you think. Here’s how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.
Release Radar · January 2024 Edition
Get excited for this month's Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
Engineering
GitHub Availability Report: January 2024
In January, we experienced three incidents that resulted in degraded performance across GitHub services.
Fixing security vulnerabilities with AI
A peek under the hood of GitHub Advanced Security code scanning autofix.
Bringing npm registry services to GitHub Codespaces
The npm engineering team recently transitioned to using GitHub Codespaces for local development for npm registry services. This shift to Codespaces has substantially reduced the friction of our inner development loop and boosted developer productivity.
GitHub's Engineering Fundamentals program: How we deliver on availability, security, and accessibility
The Fundamentals program has helped us address tech debt, improve reliability, and enhance observability of our engineering systems.
Community
Release Radar · January 2024 Edition
Get excited for this month's Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
GitHub Fund 2024 and beyond: Looking to the future
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
How GitHub’s Developer Experience team improved innerloop development
Our latest solution to the ubiquitous engineering problem of integration testing in a distributed service ecosystem here at GitHub.
Powering advancements of AI in the open: Apply now to GitHub Accelerator
Funding AI advancements in the open, and opening applications for second Accelerator cohort.
Trending stories
1
Get started with v4 of GitHub Actions Artifacts
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
2
Powering advancements of AI in the open: Apply now to GitHub Accelerator
Funding AI advancements in the open, and opening applications for second Accelerator cohort.
3
Octoverse: The state of open source and rise of AI in 2023
In this year’s Octoverse report, we study how open source activity around AI, the cloud, and Git are changing the developer experience.
4
The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
5
How to use GitHub Copilot: Prompts, tips, and use cases
In this prompt guide for GitHub Copilot, two GitHub developer advocates, Rizel and Michelle, will share examples and best practices for communicating your desired results to the AI pair programmer.
6
Bringing npm registry services to GitHub Codespaces
The npm engineering team recently transitioned to using GitHub Codespaces for local development for npm registry services. This shift to Codespaces has substantially reduced the friction of our inner development loop and boosted developer productivity.
Product
Get started with v4 of GitHub Actions Artifacts
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
Copilot in GitHub Support is now available!
Experience AI-powered assistance for queries related to GitHub topics.
10 unexpected ways to use GitHub Copilot
GitHub Copilot is widely known for its code generation feature. Learn how the AI assistant’s abilities can extend beyond just code generation.
Insider newsletter digest: Build from anywhere
Explore the August 2023 edition, featuring easy tips and tricks for GitHub Mobile.
GitHub-hosted runners: Double the power for open source
GitHub Actions continues its industry-leading support for the OSS community by doubling the Windows/Linux machine size to 4-vCPU runners at no cost for public repositories.
GitHub Copilot Chat now generally available for organizations and individuals
All GitHub Copilot users can now enjoy natural language-powered coding with Copilot Chat at no additional cost.
Default setup now includes scheduled scans and supports all languages covered by CodeQL
We’ve added new improvements to default setup, including automatically scheduling scans on repositories and support for all CodeQL covered languages.
Security
5 ways to make your DevSecOps strategy developer-friendly
Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.
Scaling vulnerability management across thousands of services and more than 150 million findings
Learn about how we run a scalable vulnerability management program built on top of GitHub.
AppSec is harder than you think. Here’s how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.
Rotating credentials for GitHub.com and new GHES patches
GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys.
GitHub and the Ekoparty 2023 Capture the Flag
The GitHub Security Lab teamed up with Ekoparty once again to create some challenges for its yearly Capture the Flag competition!
Frenemies to friends: Developers and security tools
When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let's explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.
The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
Open Source
Release Radar · January 2024 Edition
Get excited for this month's Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
GitHub Fund 2024 and beyond: Looking to the future
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
A guide to open source for the social sector
Calling all nonprofits! Do you want to implement open source software but don’t know where to start? We’ve got good news; you can easily get started by consulting our new guide.
Game Bytes · January 2024
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
Game Off 2023 results 🏆
The GitHub Game Off results are in! All games have been rated, ranked, and reviewed. Read on for a look at the 10 highest-rated submissions overall.
Enterprise
GitHub Availability Report: January 2024
In January, we experienced three incidents that resulted in degraded performance across GitHub services.
Do you know if all your repositories have up-to-date dependencies?
Consider deploying the GitHub Action: Evergreen so that you know each of your repositories are leveraging active dependency management with Dependabot.
Yes, good DevEx increases productivity. Here is the data.
Explore how DevEx boosts productivity and innovation according to new research.
Education
GitHub Fund 2024 and beyond: Looking to the future
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
Empowering Uruguay’s future workforce with AI
During the second cycle of Git Commit Uruguay, students learned the basics of AI and built their own AI-powered projects.
GitHub Certifications are generally available
Unlock your full potential with GitHub Certifications! Earning a GitHub certification will give you the competitive advantage of showing up as a GitHub expert.
Policy
New data and visualizations highlight the resilience of international developer collaboration
Discover the latest trends and insights on public software development activity on GitHub with the release of Q3 2023 data for the Innovation Graph.
GitHub Innovation Graph Q2 2023 Data Release
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 2023 data for the Innovation Graph.
Introducing the GitHub transparency center
It’s time for our biannual transparency report, where we share how we approach content moderation and disclosure of user information. This year, we’re introducing the transparency center, a new platform for our transparency reporting data.
Company
How GitHub’s Developer Experience team improved innerloop development
Our latest solution to the ubiquitous engineering problem of integration testing in a distributed service ecosystem here at GitHub.
GitHub’s top blog posts of 2023
As the year winds down, we're highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
The ultimate gifts for the developer in your life this holiday season
If you're on the hunt for the perfect holiday gifts for the developer who has it all, look no further. We’ve curated a list of 10 must-have items (plus a few more) that strike the perfect balance between practicality and style.