It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022! The ninth year of GitHub’s Security Bug Bounty Program saw our program reach new heights. We’re very excited to prov … | Continue reading
Since its initial release for free public repositories earlier this year, over one-third of public repositories are leveraging secret scanning push protection to send alerts if you attempt to commit code that contains secrets. We’re thrilled by this adoption from the open source … | Continue reading
In July, we experienced one incident that resulted in degraded performance across GitHub services. July 21 13:07 UTC (lasting 59 minutes) On July 21 at 13:07 UTC, GitHub experienced a partial power outage in one of our redundant data centers, which resulted in a loss of compute c … | Continue reading
Continuous Integration and Continuous Deployment (CI/CD) software supply chains are a lucrative target for threat actors. GitHub Actions is one of the most widely used platforms for automation, making it an important target. For the past few months, the GitHub Security Lab has be … | Continue reading
After three-plus years of concepting, designing, and shipping AI-driven developer tools, GitHub is continuing to explore new ways to bring powerful AI models into the developer workflow. Along the way, we’ve learned that the most important aspect of designing AI-driven products i … | Continue reading
Want the TL;DR, or already been using GitHub for awhile? Skip to the end for a printable checklist that you can use to ensure that you’ve covered all aspects of making your repository collaboration-ready. My daughter has a pair of pet gerbils. They’re awesome, but not the most … | Continue reading
Make more informed decisions about the code you use. In the rare case where a GitHub Copilot suggestion matches public code, this update will show a list of repositories where that code appears and their licenses. Sign up for the private beta today. Over the course of the last ye … | Continue reading
When a new customer starts using GitHub Enterprise, one of the first questions they usually ask is: How do we structure the organizations within our enterprise? Even experienced GitHub administrators frequently reevaluate and seek guidance on how they should group organizations a … | Continue reading
The developer experience engineering team at GitHub works on creating safe, delightful, and inclusive solutions for GitHub engineers to efficiently code, ship, and operate software–setting an example for the world on how to build software with GitHub. To achieve this we provide o … | Continue reading
The magic of GitHub Copilot just got even better with an improved AI model and enhanced Contextual Filtering. These improvements give developers more tailored code suggestions that better align with their specific needs, and are available for both GitHub Copilot for Individuals a … | Continue reading
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023. This blog post is not directly relate … | Continue reading
At GitHub, we perform a lot of merges and rebases in the background. For example, when you’re ready to merge your pull request, we already have the resulting merge assembled. Speeding up merge and rebase performance saves both user-visible time and backend resources. Git has rece … | Continue reading
The EU AI Act is set to become the first comprehensive AI regulation and to offer a model for policymakers around the world. But with this promise comes some risk. The Act may regulate upstream open source projects as if they are commercial products or deployed AI systems. This w … | Continue reading
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on! Engine Watch Godot 4.1 Website Sour … | Continue reading
At the beginning of the year, I started working out with a trainer who wanted me to start tracking my food, but I’ve always been super against tracking my meals because it just doesn’t work for me. Instead of tracking my meals however, I decided to build an application that autom … | Continue reading
First introduced as a technical preview in June 2021, GitHub Copilot quickly emerged as the world’s first at-scale generative AI coding tool when it became generally available in June 2022. Since then, it’s played a critical role in redefining the developer experience and undersc … | Continue reading
Protected branches have been around for a while, and we’ve made numerous improvements over time. We’ve added new rules to protect multiple branches and introduced additional permissions. However, it’s still challenging to consistently protect branches and tags throughout organiza … | Continue reading
Earlier this year, we announced GitHub Copilot X, which featured a number of technical previews designed to bring the power of generative AI and GPT-4 throughout the entire developer experience on GitHub. Today, we’re excited to take a first step in bringing GitHub Copilot X to e … | Continue reading
As a design organization, we have the opportunity to make a significant impact on designing the platform for all developers. How does the emergence of creative AI impact our work? How can we achieve an inclusive experience for a spectrum of all abilities? What does designing for … | Continue reading
Data-driven insights At GitHub, we believe that data-driven insights are the keys to success for any software development project. Understanding the health and progress of your issues, pull requests, and discussions is crucial for effective collaboration, maintainership, and proj … | Continue reading
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms, using a combination of repository invitations and malicious npm package dependencies. Many of these targeted accounts are connected to the blockchai … | Continue reading
In a blog post authored back in 2011, Marc Andreessen warned that, “Software is eating the world.” Over a decade later, we are witnessing the emergence of a new type of technology that’s consuming the world with even greater voracity: generative artificial intelligence (AI). This … | Continue reading
It’s been a while since we’ve published our Release Radar. You can blame IRL conferences coming back, getting influenza, and being struck down by the weather. But those are just me problems. While I’ve been down or travelling, the community has been hard at work shipping new rele … | Continue reading
Subscribe to The ReadME Podcast on Apple Podcasts, Spotify, or wherever you listen to podcasts. “You can have programs that type check and still throw type errors, while programs that TypeScript finds fault with might not throw type errors. Although these situations are edge case … | Continue reading
Throughout the last decade, cloud computing has disrupted the technology industry and beyond. It has opened up new ways for engineering teams to build solutions and work with end customers. Our engineering teams now have access to highly scalable infrastructure, the ability to ra … | Continue reading
In June, we experienced two incidents that resulted in degraded performance across GitHub services. June 7 16:11 UTC (lasting 2 hours 28 minutes) On June 7 at 16:11 UTC, GitHub started experiencing increasing delays in an internal job queue used to process Git pushes. Our monito … | Continue reading
Have your say to protect open source in the EU Together with the open source software community, GitHub has been working to support EU policymakers to craft the Cyber Resilience Act (CRA). The CRA seeks to improve the cybersecurity of digital products (including the 96 percent th … | Continue reading
General availability of GitHub’s merge queue means good-bye to traffic jams on your team’s busiest branches. No more rushing to merge your pull requests before someone else merges theirs . Turn on GitHub’s merge queue today and accelerate your merge velocity . Any team that is pa … | Continue reading
Most security breaches are not the product of exotic zero-day attacks but rather involve lower-cost attacks like social engineering, credential theft or leakage, and other avenues that provide attackers with a broad range of access to victim accounts and the resources they have a … | Continue reading
Effective planning and tracking is essential for developer teams of all shapes and sizes. Last year, we announced the general availability of GitHub Projects, connecting your planning directly to the work your teams are doing in GitHub. Today, we’re making GitHub Projects faster … | Continue reading
Understanding what was changed and why is vital to understanding the state of any system. This is especially true for software teams in regulated industries, as they are required to demonstrate compliance with various standards and regulations to internal and external auditors. W … | Continue reading
GitHub prides itself on being the home for all developers, including developers with disabilities. Accessibility is a core priority for all new projects at GitHub, so it was top of mind when we started our project to rework code search and the code view at GitHub. With the old co … | Continue reading
They say that developers always need to be learning. There’s seemingly endless articles on the topic, and most advise how to keep up with all the fast-paced changes of the tech world. But paradigm shifts happen while you’re busy making pull requests. What do you do when suddenly … | Continue reading
GitHub continues to invest in security, privacy, and compliance as part of our ongoing effort to be the most trusted home for all developers. As a result of that investment, GitHub’s Information Security and Privacy Management System (ISPMS) was assessed against the ISO/IEC 27701 … | Continue reading
At GitHub Security Lab, our main mission is helping secure the open source software we all rely on. While securing applications themselves is important, one of the best ways developers and system administrators can ensure the security of their systems is to create multiple layers … | Continue reading
Undergoing a platform migration and exploring the world of GitHub? It’s likely that one of your first conversations will be centered on how we can empower you to modernize your software development environment and transform your business. It’s a thrilling journey we embark on tog … | Continue reading
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on! Engine watch Text Engine Demo Sourc … | Continue reading
GitHub Enterprise Server 3.9 is now generally available. Organizations can now take advantage of more features that enable deeper collaboration, greater observability and faster workflows—so developer teams can drive more impact across enterprise environments. Here are a few high … | Continue reading
Almost one year ago, we launched GitHub Copilot to the world. At the time, it felt like a leap into the unknown: We were introducing the first at-scale AI pair programmer to the world’s developers, and were cautiously optimistic. But now I am overwhelmingly confident in the promi … | Continue reading
We are excited to release a public beta of actions-permissions, a tool which monitors your GitHub Actions workflows and recommends the minimum permissions required to run them. Every GitHub workflow receives a temporary repository access token (GITHUB_TOKEN). These tokens origina … | Continue reading
This is a guest post by GitHub Star, @end3r. Andrzej Mazur is a web game developer and technical evangelist, founder of the Enclave Games indie studio, creator of the js13kGames competition, and builder of the Gamedev.js community. The Gamedev.js community started around the year … | Continue reading
Subscribe to The ReadME Podcast on Apple Podcasts, Spotify, or wherever you listen to podcasts. “People often speak dismissively of pull requests that fix a typo or a broken link. But the friction caused by these issues distracts from the intent of your project,” says Sarah Rains … | Continue reading
Reading code is not as simple as reading the text of a file end-to-end. It is a non-linear, sometimes chaotic process of jumping between files to follow a trail, building a mental picture of how code relates to its surrounding context. GitHub’s mission is to be the home for all d … | Continue reading
Generative AI coding tools are transforming the way developers approach daily coding tasks. From documenting our codebases to generating unit tests, these tools are helping to accelerate our workflows. However, just like with any emerging tech, there’s always a learning curve. As … | Continue reading
The United States Patent and Trademark Office (USPTO) recently proposed rule changes that will make it harder to challenge low quality patents. We echo the concerns raised by the Linux Foundation and the Electronic Frontier Foundation. Without the ability to quickly and efficient … | Continue reading
GitHub’s redesigned navigation is enabled for all users as a public beta. Millions of users build with GitHub every day, and we’re constantly working to make the platform user-friendly, more accessible, and an integral part of your workflow. To that end, GitHub has introduced a b … | Continue reading
CodeQL is a static analysis tool that can be used to automatically scan your applications for vulnerabilities and to assist with a manual code review. In this blog, we will look closer at CodeQL and how to write CodeQL queries. Below, we include voluntary challenges, but it is hi … | Continue reading
In May, we experienced four incidents that resulted in degraded performance across GitHub services. This report also sheds light into three April incidents that resulted in degraded performance across GitHub services. April 26 23:11 UTC (lasting 51 minutes) On April 25 at 23:11 U … | Continue reading