GitHub Pages: Custom GitHub Actions Workflows (beta) | Continue reading

It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. Here are som … | Continue reading

At GitHub, we strive to help developers do the best work of their lives. From helping easily secure projects with Dependabot to enabling faster coding with GitHub Copilot, our mission is to facilitate an unsurpassed developer experience. I love working for a company where every s … | Continue reading

The JavaScript community downloads over 5 billion packages from npm a day, and we at GitHub recognize how important it is that developers can do so with confidence. As stewards of the npm registry, it’s important that we continue to invest in improvements that increase developer … | Continue reading

Whether you’re thinking up a new open source project or building your product roadmap at work, there’s usually some period of time where you’re doing research. It may start with identifying a problem and then lead into a period of research into what solutions (if any) already exi … | Continue reading

In the June edition of Open Source Monthly, I highlighted Modos, a project, community, and company focused on software and hardware that designs digital devices with respect for users’ time, attention, and well-being. I also shared Cassidy Williams’ choice of the month: Theater.j … | Continue reading

Online communities can be daunting. They are filled with people from all walks of life, from all over the world. Open source communities are some of the biggest in the world. One of the challenges of open source communities is communicating effectively, and managing expectations … | Continue reading

New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph. | Continue reading

High-quality Git commits are the key to a maintainable and collaborative open- or closed-source project. Learn strategies to improve and use commits to streamline your development process. | Continue reading

“Learn by doing, not by watching,” a mantra that Major League Hacking promotes to evangelize the MLH Fellowship. We at GitHub couldn’t agree more. The MLH Fellowship, powered by GitHub, is a 12-week internship alternative for aspiring software engineers. MLH Fellows on the open s … | Continue reading

If you have a monorepo, you’ve probably already felt the pain of slow Git commands, such as git status and git add. These commands are slow because they need to search the entire worktree looking for changes. When the worktree is very large, Git needs to do a lot of work. The Git … | Continue reading

GitHub is on a mission to create a more secure supply chain for all developers and organizations. To do that, we need to empower all developer communities with comprehensive vulnerability information and seamless remediation guidance. That’s why we’re excited to announce that the … | Continue reading

As Maintainer Month draws to a close, we want to celebrate and give additional support to the open source projects that we depend on. We rely on the work of hundreds of open source projects to build and run GitHub, npm, GitHub Desktop, GitHub Mobile, GitHub CLI, and all the softw … | Continue reading

We’re making GitHub Copilot, an AI pair programmer that suggests code in your editor, generally available to all developers for $10 USD/month or $100 USD/year. It will also be free to use for verified students and maintainers of popular open source projects. | Continue reading

Understanding your dependencies is fundamental to good security practices. GitHub’s dependency graph detects your project’s dependencies and allows us to send Dependabot alerts when vulnerabilities are found in them. Until now, GitHub built the dependency graph entirely from stat … | Continue reading

In this post, I’ll exploit a use-after-free (UAF) bug, CVE-2022-22057 in the Qualcomm GPU driver, which affected the kernel branch 5.4 or above, and is mostly used by flagship models running the Snapdragon 888 chipset or above (for example, the Snapdragon version of S21—used in t … | Continue reading

Prebuilding codespaces is generally available | Continue reading

Mistakes are the most common cause of vulnerabilities in open source software, but they are not the only cause. Bad actors also attempt to introduce malicious software, known as malware, into open source. Details about malware can be hard to keep track of because malware is typic … | Continue reading

Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub. | Continue reading

This open source maintainer is developing a new category of devices that use a paper display as the primary medium. | Continue reading

Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience. | Continue reading

redirect.pizza is now a GitHub secret scanning partner | Continue reading

Nearly 5,000 public contributions were made every minute last year on GitHub. Merging pull requests, answering discussions, opening issues–it’s quite a feat to build and maintain all of the projects and communities that live on GitHub. As part of GitHub’s mission, we want to cele … | Continue reading