Hacktoberfest has wrapped up, GitHub Universe has come to a close, and our community has been super hard at work. All the while people enjoyed turkey over thanksgiving and expressed gratitude for those around them. In this edition, we’d like to thank the open source community for … | Continue reading
Hacktoberfest has wrapped up, GitHub Universe has come to a close, and our community has been super hard at work. All the while people have been enjoying turkey and expressing gratitude for those around them. In this edition, we’re thankful to the open source community and all th … | Continue reading
Ever wondered how the largest open source platform manages its vulnerabilities? GitHub’s security team built an agile vulnerability management program, capable of protecting a growing population of over 100 million developers—and their data—around the world. For GitHub’s security … | Continue reading
In November, we experienced one incident that resulted in degraded performance across GitHub services. November 3 18:42 UTC (lasting 38 minutes) Between 18:42 and 19:20 UTC on November 3, the GitHub authorization service experienced excessive application memory use, leading to fa … | Continue reading
At GitHub Security Lab, we are continuously analyzing open source projects in line with our goal of keeping the software ecosystem safe. Whether by manual review, multi-repository variant analysis, or internal automation, we focus on high-profile projects we all depend on and rel … | Continue reading
This year, we’ve made a number of improvements focused on simplifying the enablement process for code scanning. We started back in January with the release of default setup, which allows you to automatically enable code scanning on a repository in just a few clicks. We then gave … | Continue reading
Over 15 years ago, GitHub started as a Ruby on Rails application with a single MySQL database. Since then, GitHub has evolved its MySQL architecture to meet the scaling and resiliency needs of the platform—including building for high availability, implementing testing automation, … | Continue reading
GitHub Actions is not just your average CI/CD and automation tool. Integrated natively in the GitHub Enterprise platform, Actions adds the “flow” into developer workflow. Designed with developers in mind, GitHub Actions balances the extensibility and flexibility required to quick … | Continue reading
The GitHub Innovation Graph showcases data on eight metrics about public software development activity on GitHub: Git pushes, repositories, developers, organizations, programming languages, licenses, topics, and economic collaborators. The Innovation Graph is updated quarterly wi … | Continue reading
In this follow-up to my previous blog post, I’ll explain how to exploit CVE-2023-43641 (a memory corruption vulnerability in libcue) to create a reliable 1-click RCE on Ubuntu 23.04 and Fedora 38. I have also published the source code of the proof of concept. To quickly recap the … | Continue reading
Earlier this year, it seemed like every headline or dinner conversation was earmarked by the buzzwords “generative AI.” And while 2023 has been a benchmark year for the adoption of generative AI, it’s not entirely a new technology. Arguably, AI has been around since the ‘60s, but … | Continue reading
GitHub Enterprise Server 3.11 is now generally available. With this version, customers have access to tools and features that provide a better understanding and visibility into the security of their code. Highlights of this version include: Scale your application security testing … | Continue reading
When you hear the words, “quantum computing,” it sounds like something out of a science fiction movie. Yet in recent years, quantum computing has become a hot topic, especially in the world of cryptography. Post-quantum cryptography raises many questions and challenges, and a gro … | Continue reading
‘Tis the season to celebrate the programmer, the debugger, and the coffee-fueled late-night coder in your life! If you’re on the hunt for the perfect holiday gifts for the developer who has it all, look no further (or if you’re that developer, send this on). We’ve curated a list … | Continue reading
This is abridged content from July 2023’s Insider newsletter. Like what you see? Sign up to receive complete, unabridged content in your inbox every month. Sign up now > Welcome to our rebranded GitHub Insider newsletter with tips, technical guides, and best practices to help y … | Continue reading
Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it’s not uncommon for our Security Lab researchers to work together on audits and research projects, we found that conducting team audits occasionally … | Continue reading
Nonprofits and social sector open source projects need your help! One of the reasons that I joined GitHub was for the potential to activate a community of developers to make the world a better place. Among the 100+ million developers on the platform, there are passionate, caring, … | Continue reading
The open source Git project just released Git 2.43 with features and bug fixes from over 80 contributors, 17 of them new. We last caught up with you on the latest in Git back when 2.42 was released. To celebrate this most recent release, here is GitHub’s look at some of the most … | Continue reading
GitHub Actions, which enables developers to automate, customize, and execute software development workflows right from their repositories, has been gaining in popularity with developers. GitHub’s latest Octoverse report highlights this trend, revealing a 169% increase in GitHub A … | Continue reading
I’ve been a developer my entire career and I know what it takes to get the job done. You have to love to build. You have to love to experiment. And you have to think beyond today. As a leader, I’ve learned that to foster that passion, organizations need to prioritize DevEx, which … | Continue reading
In October, we experienced two incidents that resulted in degraded performance across GitHub services. October 17 10:59 UTC (lasting 2 hours and 49 minutes) From 10:59 UTC to 13:48 UTC on October 17, GitHub Codespaces service was degraded due to an outage in authentication. This … | Continue reading
The GitHub Awards celebrates the outstanding contributions and achievements in the developer community by honoring individuals, projects, and organizations for creating an outsized positive impact on the community. We announced the award winners at GitHub Universe 2023, but here’ … | Continue reading
In March, we shared our vision of a new future of software development with Copilot X, where AI infuses every step of the developer lifecycle. Since then, we’ve been working to scale and mature the underlying technology–and in the process we created something even bigger. Our vis … | Continue reading
What does it mean for a new technology to go mainstream? First released in 2005, Git was still a new open source version control system when we founded GitHub. Today, Git is a foundational element of the modern developer experience—93% of developers use it to build and deploy sof … | Continue reading
At GitHub, we’re focused on reducing workflow friction. Nowhere is this more important than when it comes to security. Developers need the ability to proactively secure their code right where it’s created—instead of testing for and remediating vulnerabilities after the fact. Embe … | Continue reading
In just a few days, our global community of developers will come together for GitHub Universe. The annual conference includes an in-person experience at the Yerba Buena Center for the Arts in San Francisco as well as a free virtual experience. We’ve included accessibility in the … | Continue reading
We expect open source developers to drive the next wave of innovation on GitHub, including AI. GitHub’s vibrant networks of open source software require people and communities to keep them running. However, perceptions and expectations that open source projects can continue to pr … | Continue reading
It’s the moment you’ve all been waiting for. Are you ready? The theme for this year’s Game Off is SCALE! Verb to climb up something steep, such as a wall, building, or mountain. to change the size of something e.g. make something smaller (scale down) or increase the size, amo … | Continue reading
Being the home for 100 million developers is a privilege and responsibility. As part of our company mission to accelerate human progress through developer collaboration, we are dedicated to supporting a developer community that reflects the world we live in, as well as championin … | Continue reading
As the home for all developers, GitHub is committed to providing a safe, open, and inclusive platform for code collaboration. We take a developer-first approach to content moderation centered on minimizing the disruption of software projects, protecting developer privacy, and bei … | Continue reading
As Hacktoberfest comes to a close, you still have a day or so left to complete and submit your pull requests. If you’re struggling to think of projects to contribute to, our picks below might help you. This edition of the Release Radar covers a few projects that shipped major ver … | Continue reading
We want to empower you to experiment with LLM models, build your own applications, and discover untapped problem spaces. That’s why we sat down with GitHub’s Alireza Goudarzi, a senior machine learning researcher, and Albert Ziegler, a principal machine learning engineer, to disc … | Continue reading
As Halloween approaches, I have a special treat for you: some short, sweet, and spooktacular games lovingly crafted during game jams such as Ludum Dare and Godot Wild Jam. All mixing programming languages like JavaScript and Haxe, game engines like Godot and Unity, and all sorts … | Continue reading
Large language models (LLMs) are revolutionizing the way we interact with software by combining deep learning techniques with powerful computational resources. While this technology is exciting, many are also concerned about how LLMs can generate false, outdated, or problematic i … | Continue reading
As early adopters of new technologies and practices, developers are often bellwethers of business landscape change. That’s why, at GitHub, we believe that the more businesses can understand what developers need to thrive, the better they can support the rest of their organization … | Continue reading
The README on your GitHub profile acts like a front door to your work, skills, and professional self, so it’s important that everyone who visits your profile can read and understand it. In this post, we’ll be sharing some tips to help you make your README more accessible. Making … | Continue reading
The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program, @Ammar Askar! As home to over 100 million developers and 372 million repositories, … | Continue reading
Today, we’re releasing the Contributors GitHub Action, a tool for gaining insight into your project’s or organization’s contributors. Understanding and appreciating your contributors is a fundamental aspect of maintaining a healthy and thriving open source project. Our newly laun … | Continue reading
In the ever-evolving software development landscape, static application security solutions face a unique challenge: as applications grow in complexity, they rely heavily on a diverse array of libraries, frameworks, and custom code. Ensuring the security of such intricate systems … | Continue reading
For the first time ever, the GitHub Universe team partnered with GitHub product experts, speakers, and GitHub Stars to launch curated agendas to help you navigate all of the Universe sessions. These agendas compile sessions for specific products, topics, and careers, like enginee … | Continue reading
Way back in October 2020, Atlassian announced that they would be ending support for their Server products—including Bitbucket Server—on February 15, 2024. The clock has been ticking away, and now it’s just three months until deprecation day. If you’re using Bitbucket Server for y … | Continue reading
In this post I’ll exploit CVE-2023-4069, a type confusion vulnerability that I reported in July 2023. The vulnerability—which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site—is found in v8, the Javascript engine of Chrome … | Continue reading
When I think about large codebases, the repositories for Microsoft Windows and Office are top of mind. When Microsoft began migrating these codebases to Git in 2017, they contained 3.5M files and a full clone was more than 300GB. The scale of that repository was so much bigger th … | Continue reading
js13kGames is an annual online game development competition that challenges participants to create a themed HTML5 game using only 13 kilobytes of JavaScript. It was founded by GitHub Star Andrzej Mazur aka @end3r and has been running since 2012, attracting developers from around … | Continue reading
Skilling 5,000 people in the next two years in open source As the global home for all developers, we are uniquely positioned to lower barriers to entry in open source and help close gaps in representation in tech more broadly. We believe that by working together with our partners … | Continue reading
In September, we experienced two incidents that resulted in degraded performance across GitHub services. September 5 16:24 UTC (lasting 19 minutes) On September 5, from 16:24-16:43 UTC, multiple GitHub services were down or degraded due to an outage in one of our primary database … | Continue reading
Centrally managed policies are hard CI/CD best practices are easy to talk about and hard to implement. For example, teams want to avoid surprises before deploying code but often stop short of introducing centrally managed policies to help protect their repositories. Let’s face it … | Continue reading
Today, we’re releasing new research on GitHub Copilot Chat. By using the power of natural language, developers in our study used GitHub Copilot Chat to get real-time guidance, tips, troubleshooting, remediation, and solutions tailored to their specific coding challenges—all in re … | Continue reading