Anyone can now provide additional information and context to further the community’s understanding and awareness of security advisories. | Continue reading
Today we launched new code scanning features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities. | Continue reading
A behind-the-scenes peek into the machine learning framework powering GitHub's new code scanning security alerts. | Continue reading
The benefits of a trusted confidant reach beyond increased engagement and sense of belonging. Our developer advocates offer tips. | Continue reading
Practical tips on how to apply OWASP Top 10 Proactive Control C4. | Continue reading
The GitHub Enterprise Server 3.4 release candidate delivers enhancements to make life easier and more productive. | Continue reading
Over the past year, the GitHub Stars have made a tremendous impact in the community, inspiring communities and creating helpful content. | Continue reading
The MLH Fellowship, powered by GitHub, is a 12-week internship alternative for aspiring software engineers. Meet the 2022 cohort! | Continue reading
Mermaid is a JavaScript based diagramming and charting tool that takes Markdown-inspired text definitions and creates diagrams dynamically in the browser. | Continue reading
GitHub's new project experience is built with flexibility in mind. Here's how to get started with GitHub Issues and project planning. | Continue reading
Reusable workflows offer a simple and powerful way to avoid copying and pasting workflows across your repositories. | Continue reading
GitHub's recommended 4-step process for coordinated vulnerability disclosure, with suggestions for reporters to foster a positive experience. | Continue reading
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate. | Continue reading
More code, more updates! The Release Radar is a round up of open source projects that shipped major version releases. Here's this month's staff picks. | Continue reading
More ways to keep your pull request branch up-to-date | Continue reading
In January, we experienced no incidents resulting in service downtime to our core services. | Continue reading
Here’s a quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it. | Continue reading
Along with the release of sponsors-only repositories, here’s a look at what’s new and what’s next for Sponsors. | Continue reading
CodeQL's static analysis works by running queries over a database representation of a program. Here's how we add support for new languages. | Continue reading
Starting today, all maintainers of top-100 npm packages, by dependents, will now be enrolled in mandatory 2FA for their accounts. | Continue reading
From any repository that uses Actions, you can now see your Actions workflows alongside any other dependencies. | Continue reading
In our latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal. | Continue reading
When it comes to secure database access, there's more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance. | Continue reading
Learn new skills, build projects and meet like-minded students with the latest shows from the GitHub Education Stream Team. | Continue reading
Our community has been hard at work through December shipping updates. Here's our staff picks for open source projects with major version releases. | Continue reading
Git.io no longer accepts new URLs | Continue reading
When digital infrastructure is overlooked by governments, it isn't just a missed opportunity: policies may inadvertently endanger open source collaboration. | Continue reading
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google. | Continue reading
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science and his connection to all things extraterrestrial. | Continue reading
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! | Continue reading
Check out five open source communities using GitHub Discussions to do everything from field feature requests to build flight systems. | Continue reading
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit. | Continue reading
The GitHub Mobile Team automates their weekly release process by using GitHub Actions. Here's how they do it. | Continue reading
In December, we experienced no incidents resulting in service downtime to our core services. | Continue reading
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community. | Continue reading
We're highlighting some of this year's awesome work from GitHub’s engineers, product teams, and security researchers. | Continue reading
GitHub was honored to contribute to the Santa Clara Principles on Transparency and Accountability in Content Moderation 2.0. | Continue reading
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries. | Continue reading
When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content. | Continue reading
Dropping candidates into a finely honed environment has myriad benefits. It eliminates the random starting point, leveling the playing field. | Continue reading
For any developer looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes. | Continue reading
This blog post tells the story of why we built a new search engine optimized for code, including historical context and challenges along the way. | Continue reading
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repos. | Continue reading
Defining your security requirements is the most important proactive control you can implement for your project. Here's how. | Continue reading
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228. | Continue reading
Customize keyboard shortcuts, preview Markdown renderings in Gist files, edit labels for Actions self-hosted runners via API, and more! | Continue reading
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests. | Continue reading