GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
GitHub Blog Search
Search Results for: Ecosystem
The Social Sector is Contributing to the Broader OSS Ecosystem
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
Building together: GitHub partner ecosystem continues to grow
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
Unpacking the value of open source and code collaboration
We’re more excited than ever about what the future holds and the role open source will continue to play in solving critical societal challenges.
Unlocking security updates for transitive dependencies with npm
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
How we use GitHub to be more productive, collaborative, and secure
Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
![[Video] How has open source changed in the last 10 years?](https://github.blog/wp-content/uploads/2022/12/CMT011-Octoverse2022.001-1.jpeg?resize=800%2C425)
[Video] How has open source changed in the last 10 years?
What’s the state of open source and how has it changed over the last decade? GitHub’s VP of Developer Relations, Martin Woodward, tackles that question and more in a 2022 keynote.
Raising the bar for software security: next steps for GitHub.com 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.
New npm features for secure publishing and safe consumption
Now you can create tokens with fine-grained permissions for automating your publishing and organization management workflows. And a new code explorer allows you to view content of a package directly in the npm portal.
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages
Dependabot security updates now supports GitHub Actions
Dependabot security updates now supports GitHub Actions
Dependabot support for self-hosted Hex repositories
Dependabot support for self-hosted Hex repositories
Octoverse 2022: 10 years of tracking open source
How is open source changing the world and impacting businesses? In this year's Octoverse report, we identified three big trends to watch.
Dependabot version updates for Docker image tags in Kubernetes manifests
Dependabot version updates for Docker image tags in Kubernetes manifests
An open source economy–built by developers, for developers
Investing in our open source future by supporting the maintainers of today.
The importance of improving supply chain security in open source
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem.
Bringing greater financial sustainability to open source communities
We know that companies benefit from open source. That's why we’re making it easier for companies to financially support projects.
Advocating for developers to the US Copyright Office
How GitHub advocated for developer interests at the US Copyright Office technical measures consultations
GitHub partners with Arm to revolutionize Internet of Things software development with GitHub Actions
Developers creating Internet of Things software use a complex stack of software that needs to be custom built into their CI/CD platform. Arm is leveraging the simplicity and scalability of GitHub Actions with a native integration that will revolutionize IoT software development.
Creating a more inclusive security research field
A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.