Insider newsletter digest: 4 things you didn't know you could do with GitHub Projects
Unlock the secret to organization and collaboration magic with our GitHub Projects tips and tricks roundup.
The GitHub Blog
Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL
Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
GitHub Availability Report: February 2024
In February, we experienced two incidents that resulted in degraded performance across GitHub services.
Exploring an increase in circumvention claims in our transparency data
Our full year of 2023 transparency reporting data is now available and we’re taking a deep dive into how a form change caused an abrupt increase in circumvention claims.
Hard and soft skills for developers coding in the age of AI
While AI revolutionizes software development, it still relies on developers to pilot its use. In this blog, we’ll cover the skills that developers need to have for navigating this new AI-powered coding frontier.
Latest posts
How GitHub uses merge queue to ship hundreds of changes every day
Here's how merge queue transformed the way GitHub deploys changes to production at scale, so you can do the same for your organization.
GitHub Enterprise Server 3.12 is now generally available
With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.
Keeping repository maintainer information accurate
Discover how keeping repository maintainer information accurate through CODEOWNERS files and automating maintenance with tools like cleanowners fosters efficient collaboration and sustainable software projects.
GitHub Copilot Learning Pathway: Accelerate your business with AI
Learn what GitHub Copilot can help your business achieve in this expert-guided GitHub Learning Pathway, featuring insights from tech leaders at top organizations.
Engineering
Hard and soft skills for developers coding in the age of AI
While AI revolutionizes software development, it still relies on developers to pilot its use. In this blog, we’ll cover the skills that developers need to have for navigating this new AI-powered coding frontier.
How GitHub uses merge queue to ship hundreds of changes every day
Here's how merge queue transformed the way GitHub deploys changes to production at scale, so you can do the same for your organization.
Keeping repository maintainer information accurate
Discover how keeping repository maintainer information accurate through CODEOWNERS files and automating maintenance with tools like cleanowners fosters efficient collaboration and sustainable software projects.
How AI code generation works
Explore the capabilities and benefits of AI code generation, and how it can improve the developer experience for your enterprise.
Community
Meet Kayla: A college student and open source ambassador
From learner to mentor, Kayla, an All In for Students ambassador, has become an open source leader on her campus.
Powering advancements of AI in the open: Apply now to GitHub Accelerator
Funding AI advancements in the open, and opening applications for second Accelerator cohort.
Release Radar · January 2024 Edition
Get excited for this month's Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
Game Bytes · February 2024
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on! 🕹️
Trending stories
1
Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL
Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.
2
Octoverse: The state of open source and rise of AI in 2023
In this year’s Octoverse report, we study how open source activity around AI, the cloud, and Git are changing the developer experience.
3
Insider newsletter digest: 4 things you didn't know you could do with GitHub Projects
Unlock the secret to organization and collaboration magic with our GitHub Projects tips and tricks roundup.
4
Raising the bar for software security: GitHub 2FA begins March 13
On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
5
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
6
How to build a CI/CD pipeline with GitHub Actions in four simple steps
A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it.
Product
Insider newsletter digest: 4 things you didn't know you could do with GitHub Projects
Unlock the secret to organization and collaboration magic with our GitHub Projects tips and tricks roundup.
Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL
Now in public beta for GitHub Advanced Security customers, code scanning autofix helps developers remediate more than two-thirds of supported alerts with little or no editing.
How we’re using GitHub Projects to standardize our workflows and stay aligned
Learn how we’re managing feature releases and establishing best practices within and across teams at GitHub using GitHub Projects.
GitHub Copilot Enterprise is now generally available
Our most advanced AI offering to date is customized to your organization’s knowledge and codebase, infusing GitHub Copilot throughout the software development lifecycle.
Insider newsletter digest: Cook up a controller with GitHub Copilot
Whether you're coding up a storm or cooking up code, building a controller function with AI is your secret sauce to a flavorful app.
Get started with v4 of GitHub Actions Artifacts
We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.
Copilot in GitHub Support is now available!
Experience AI-powered assistance for queries related to GitHub topics.
Security
AppSec is harder than you think. Here’s how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.
Rotating credentials for GitHub.com and new GHES patches
GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys.
Keeping secrets out of public repositories
With push protection now enabled by default, GitHub helps open source developers safeguard their secrets, and their reputations.
How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.
Build code security skills with the GitHub Secure Code Game
Learn to find and fix security issues while having fun with Secure Code Game, now with new challenges focusing on JavaScript, Python, Go, and GitHub Actions!
The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
Open Source
Game Bytes · February 2024
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on! 🕹️
Highlights from Git 2.44
The first Git release of 2024 is here! Take a look at some of our highlights on what's new in Git 2.44.
Release Radar · January 2024 Edition
Get excited for this month's Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
GitHub Fund 2024 and beyond: Looking to the future
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
A guide to open source for the social sector
Calling all nonprofits! Do you want to implement open source software but don’t know where to start? We’ve got good news; you can easily get started by consulting our new guide.
Enterprise
GitHub Availability Report: February 2024
In February, we experienced two incidents that resulted in degraded performance across GitHub services.
GitHub Enterprise Server 3.12 is now generally available
With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.
GitHub Copilot Learning Pathway: Accelerate your business with AI
Learn what GitHub Copilot can help your business achieve in this expert-guided GitHub Learning Pathway, featuring insights from tech leaders at top organizations.
Education
GitHub Fund 2024 and beyond: Looking to the future
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
Empowering Uruguay’s future workforce with AI
During the second cycle of Git Commit Uruguay, students learned the basics of AI and built their own AI-powered projects.
GitHub Certifications are generally available
Unlock your full potential with GitHub Certifications! Earning a GitHub certification will give you the competitive advantage of showing up as a GitHub expert.
Policy
Exploring an increase in circumvention claims in our transparency data
Our full year of 2023 transparency reporting data is now available and we’re taking a deep dive into how a form change caused an abrupt increase in circumvention claims.
New data and visualizations highlight the resilience of international developer collaboration
Discover the latest trends and insights on public software development activity on GitHub with the release of Q3 2023 data for the Innovation Graph.
GitHub Innovation Graph Q2 2023 Data Release
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 2023 data for the Innovation Graph.
Company
Empowering all developers to build without barriers
GitHub has been awarded the 2024 Axe Accessibility at Scale Award from Deque Systems. Read more about how we’ve implemented accessibility at scale.
How GitHub’s Developer Experience team improved innerloop development
Our latest solution to the ubiquitous engineering problem of integration testing in a distributed service ecosystem here at GitHub.
GitHub’s top blog posts of 2023
As the year winds down, we're highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.