How to build a consistent workflow for development and operations teams

In GitHub’s recent 2022 State of the Octoverse report, HashiCorp Configuration Language (HCL) was the fastest growing programming language on GitHub. HashiCorp is a leading provider of Infrastructure as Code (IaC) automation for cloud computing. HCL is HashiCorp’s configuration l … | Continue reading


@github.blog | 1 year ago

10 things you didn’t know you could do with GitHub Codespaces

Ever feel like you’re coding on a plane mid-flight? When I first learned to code about five years ago, my laptop was painstakingly slow, but I couldn’t afford a better one. That’s why I relied on browser-based IDEs like jsbin.com to run my code. Now fast forward to today, where G … | Continue reading


@github.blog | 1 year ago

Secret scanning alerts are now available (and free) for all public repositories

In December, we announced the public beta for free secret scanning alerts across public repositories. Since its release, 70 thousand public repositories have turned on secret scanning alerts, helping users like you to triage thousands of leaked secrets. As of today, GitHub secret … | Continue reading


@github.blog | 1 year ago

3 ways to meet compliance needs without slowing down agility

In the previous blog, Setting the foundations for compliance, we set the groundwork for developer-enabled compliance that will keep your teams happy, in the flow, secure, compliant, and auditable. Today, we’ll walk through three practical ways that you can start meeting your comp … | Continue reading


@github.blog | 1 year ago

Measuring government policy on open source with a new dataset

Policymakers around the world are developing policies that impact how software gets built and who gets to build it. GitHub Policy works to represent the interests of developers and software innovation. One way we do so is to support research and data to inform policy development. … | Continue reading


@github.blog | 1 year ago

The code that wasn’t there: Reading memory on an Android device by accident

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how … | Continue reading


@github.blog | 1 year ago

A beginner’s guide to learning to code with GitHub Codespaces

It doesn’t matter what stage you’re at in your software engineering career, there’s always something new to learn. As a beginner, it’s so easy to spend more time consuming tutorials on how to code rather than actually putting it into practice. “See one, do one, teach one” is a le … | Continue reading


@github.blog | 1 year ago

Responsible AI pair programming with GitHub Copilot

GitHub Copilot is like something out of a sci-fi movie—an AI pair programmer that seems capable of reading your mind as you code. GitHub Copilot uses OpenAI Codex, trained on billions of lines of public code, to suggest code and even entire functions in real-time in a developer’s … | Continue reading


@github.blog | 1 year ago

Update on the future stability of source code archives and hashes

On January 30, 2023, GitHub deployed a change which slightly altered the compression settings on source code downloads. This change had unforeseen consequences for a number of communities, and after they let us know, we rolled the change back. We’d like to explain what happened, … | Continue reading


@github.blog | 1 year ago

ICYMI: CodeQL enhancements

Over the last year, GitHub has brought a number of enhancements to CodeQL, the semantic analysis engine that powers code scanning. You can now scan new languages, detect new types of CWEs, perform deeper analyses of your applications, and enjoy improvements to the user experience … | Continue reading


@github.blog | 2 years ago

2022 Transparency Report

At GitHub, we put developers first and work hard to provide a safe, open, and inclusive platform for code collaboration. Because the world is increasingly reliant upon the availability and limited disruption of code, we’ve developed policies to ensure that code remains available … | Continue reading


@github.blog | 2 years ago

Git security vulnerabilities announced

Today, the Git project released new versions to address a pair of security vulnerabilities (CVE-2023-22490 and CVE-2023-23946) that affect versions 2.39.1 and older. These affect Git’s local clone optimization, as well as git apply, respectively. CVE-2023-22490 When cloning a re … | Continue reading


@github.blog | 2 years ago

GitHub Copilot now has a better AI model and new capabilities

Since we first launched GitHub Copilot, we have worked to improve the quality and responsiveness of its code suggestions by upgrading the underlying Codex model. We also developed a new security vulnerability filter to make GitHub Copilot’s code suggestions more secure and help d … | Continue reading


@github.blog | 2 years ago

GitHub Copilot for Business is now available

First previewed in partnership with OpenAI in 2021, GitHub Copilot is the world’s first at-scale AI developer tool. Sitting within the editor as a simple extension, GitHub Copilot draws context from a developer’s code to suggest new lines, entire functions, tests, and even comple … | Continue reading


@github.blog | 2 years ago

Yout amicus: fighting for developers’ right to innovate

Our mission to accelerate human progress through developer collaboration requires us, from time to time, to fight against legal developments that would needlessly impair developers’ right to innovate. That’s why GitHub has filed an amicus brief in the appeal of Yout LLC v. Record … | Continue reading


@github.blog | 2 years ago

Release Radar, Festive Edition · December 2022 – January 2023

Welcome to our special edition of the Release Radar. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has been celebrating – us too! Now we’re taking a moment to celebrate these awesome open source projec … | Continue reading


@github.blog | 2 years ago

The technology behind GitHub’s new code search

From launching our technology preview of the new and improved code search experience a year ago, to the public beta we released at GitHub Universe last November, there’s been a flurry of innovation and dramatic changes to some of the core GitHub product experiences around how we, … | Continue reading


@github.blog | 2 years ago

How to mitigate OWASP vulnerabilities while staying in the flow

The pace and scale of security vulnerabilities is increasing. This is in spite of the fact that teams have been trying to keep their code secure for years. So, why are vulnerabilities still such a problem? When teams use security tools and strategies that don’t optimize the devel … | Continue reading


@github.blog | 2 years ago

Ludum Dare 52 staff picks

Ludum Dare 52, the weekend-long game jam that’s been running for almost 20 years, just wrapped up. This year’s theme was “harvest” and the number of game submissions grew to a whopping 1632! Ludum Dare is an online competition challenging participants to create a game from scratc … | Continue reading


@github.blog | 2 years ago

Europe’s chance to be a leader in the age of AI

The GitHub policy paper on the AI Act can be found here. Hello. Thank you for having me here. Thank you to those watching online. I’m Thomas, and I’m a developer. And you know, I’ve been a developer so long—I normally see a few people in the audience I know. I have been to a LOT … | Continue reading


@github.blog | 2 years ago

How the GitHub Docs team uses GitHub Projects

It’s been said that documentation is like a love letter to your future self. If that’s the case, then GitHub Docs are love letters to our 100 million developers who turn to them every day for help and support. Whether it’s a student who wants to sign up for an account or a seasone … | Continue reading


@github.blog | 2 years ago

Enabling branch deployments through IssueOps with GitHub Actions

At GitHub, the branch deploy model is ubiquitous and it is the standard way we ship code to production, and it has been for years. We released details about how we perform branch deployments with ChatOps all the way back in 2015. We are able to use ChatOps to perform branch deplo … | Continue reading


@github.blog | 2 years ago

Announcing the launch of the All In for Maintainers DEI Resource Hub

In 2021, we launched All In to provide the open source community with an opportunity to work together to create a powerful movement for diversity, equity, and inclusion (DEI). From supporting over 300 students through our All in for Students program, to capturing 7,000+ voices in … | Continue reading


@github.blog | 2 years ago

Open source’s impact on the world’s 100 million developers

The open source movement quietly underpins all of the technology we use to live and work. Open source is about more than just technology or a license—it’s about creating a culture of participation and collaboration, where anyone can contribute to making the world a better place. … | Continue reading


@github.blog | 2 years ago

GitHub Availability Report: January 2023

In January, we experienced two incidents. One that resulted in degraded performance for GitHub Packages and GitHub Pages, and another that impacted git users. January 30 21:48 UTC (lasting 35 minutes) Our service monitors detected degraded performance for GitHub Packages and GitH … | Continue reading


@github.blog | 2 years ago

Skilling for the future: How GitHub is advancing diversity, equity, and inclusion within open source communities

At GitHub, our goal is to build a platform and galvanize an open source community that everyone can be a part of and make meaningful contributions. The future of software development is collaborative and equitable, made up of amazing people from diverse backgrounds and experience … | Continue reading


@github.blog | 2 years ago

Action needed for GitHub Desktop and Atom users

On December 7, 2022, GitHub detected unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. After a thorough investigation, we have concluded there was no risk to GitHub.com services as a result of this unauthorized access an … | Continue reading


@github.blog | 2 years ago

Bypassing OGNL sandboxes for fun and charities

Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts … | Continue reading


@github.blog | 2 years ago

Setting the foundations for compliance

While compliance is foundational to delivering software around the world, there may be instances where developers get frustrated with policy enforcement slowing down their workflow. Since compliance is what enables the world’s software to be run across regions and enterprises wit … | Continue reading


@github.blog | 2 years ago

100 million developers and counting

In 2019, we set a goal to have 100 million developers using GitHub by 2025—because we know when more developers come together in a single place, incredible things happen. Today, I’m excited to share that there are now officially more than 100 million developers using GitHub to bu … | Continue reading


@github.blog | 2 years ago

Introducing the GitHub Bug Bounty swag store

Our bug bounty team has had an exciting year, including celebrating the eighth year of our program, hosting a live hacking event in June, spotlighting one of our hackers for cybersecurity awareness month, and spending more time with our community at events such as DEFCON 30. Alon … | Continue reading


@github.blog | 2 years ago

Pwning the all Google phone with a non-Google bug

It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnera … | Continue reading


@github.blog | 2 years ago

Unpacking the value of open source and code collaboration

Open source is now an essential part of 99% of the software we use every day, and the developers that contribute to the open source ecosystem are more important than ever. As the global home to over 94 million developers, we’re deeply familiar with how open source and free collabo … | Continue reading


@github.blog | 2 years ago

Sunsetting Subversion support

Hello from Git Systems, the team that works on the Subversion subsystem at GitHub. As of January 8, 2024 (about a year from now), we will sunset Subversion support completely on GitHub.com. A release of GitHub Enterprise Server sometime in early 2024 will also remove Subversion s … | Continue reading


@github.blog | 2 years ago

Bringing GitHub Actions to GitHub Mobile

GitHub Actions has changed the way people automate workflows. On the GitHub Mobile team our mission is to unchain you from your desk and bring GitHub to you—wherever you are—and we’ve heard your feedback: GitHub Actions has consistently been one of your most-requested features, s … | Continue reading


@github.blog | 2 years ago

Unlocking security updates for transitive dependencies with npm

Dependabot helps developers secure their software with automated security updates: when a security advisory is published that affects a project dependency, Dependabot will try to submit a pull request that updates the vulnerable dependency to a safe version if one is available. O … | Continue reading


@github.blog | 2 years ago

How GitHub coordinates product releases with GitHub Projects and GitHub Actions

Looking to supercharge cross-functional work at your organization? Here at GitHub, we take pride in using GitHub to release new products and features. Each new product and feature that we release requires a great amount of cross-functional collaboration, and touches nearly all ou … | Continue reading


@github.blog | 2 years ago

Remediation made simple: Introducing new validity checks for GitHub tokens

If you’re on an application security team, you might use secret scanning to reduce the risk of leaked credentials, like passwords and API keys. When an exposed credential is found, your first step is probably to check whether the token is still active, and what access it has. Now … | Continue reading


@github.blog | 2 years ago

Dependabot alerts are now visible to more developers

Dependabot alerts were launched as GitHub’s first security alerts five years ago. Since then, developers have kept dependency-based vulnerabilities out of their code with over 80 million closed alerts. Historically, Dependabot alerts have only been available to admin users, but t … | Continue reading


@github.blog | 2 years ago

Git security vulnerabilities announced

Today, the Git project released new versions to address a pair of security vulnerabilities, CVE-2022-41903, and CVE-2022-23521, that affect versions 2.39 and older. Git for Windows was also patched to address an additional, Windows-specific issue known as CVE-2022-41953. The firs … | Continue reading


@github.blog | 2 years ago

3 common DevOps antipatterns and cloud native strategies that can help

When implemented well, DevOps practices can transform how application teams deliver business value. However, the use of antipatterns can lead to disappointing results. Antipatterns are when teams focus on short term goals and concentrate on tooling without factoring in people and … | Continue reading


@github.blog | 2 years ago

Game Off 2022 winners

The tenth annual Game Off just wrapped up with a jaw-dropping 562 entries—all created in less than a month. 7,284 ratings and thousands of hours of playtime later, we are pleased to announce the winners! The theme for the 2022 competition was “cliché” and the submissions were any … | Continue reading


@github.blog | 2 years ago

New GitHub CLI extension tools

Since the GitHub CLI 2.0 release, developers and organizations have customized their CLI experience by developing and installing extensions. Since then, the CLI team has been busy shipping several new features to further enhance the experience for both extension consumers and aut … | Continue reading


@github.blog | 2 years ago

A smarter, quieter Dependabot

In 2022, Dependabot automatically generated more than 75 million pull requests, which developers used to keep their dependencies up-to-date and to address millions of specific vulnerabilities. Moving forward, Dependabot is getting a little smarter—and, a little quieter—by reducin … | Continue reading


@github.blog | 2 years ago

Passwordless deployments to the cloud

Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deplo … | Continue reading


@github.blog | 2 years ago

Introducing required workflows and configuration variables to GitHub Actions

Today, we are introducing two new features for GitHub Actions to help standardize policies and reduce duplication, required workflows and configuration variables. Read on for what this means for your DevOps processes. Required workflows Required workflows in GitHub Actions are no … | Continue reading


@github.blog | 2 years ago

GitHub Discussions just got better with Category Forms!

Maintainers of GitHub repositories can now use Category Forms to create templates for their discussions, which means that users can start new discussions with all the necessary information already included. Now, maintainers can triage discussions more easily and reduce their work … | Continue reading


@github.blog | 2 years ago

Default setup: A new way to enable GitHub code scanning

At GitHub, we want to make it easy to develop secure software. This means building security tools that provide a frictionless experience for developers and that begins with enablement. To that end, we already offer the enablement of secret scanning and Dependabot in just one clic … | Continue reading


@github.blog | 2 years ago