GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
GitHub Blog Search
Search Results for: Ecosystem
The Social Sector is Contributing to the Broader OSS Ecosystem
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
Building together: GitHub partner ecosystem continues to grow
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
GitHub Advisory Database now includes Erlang and Elixir advisories
GitHub Advisory Database now includes Erlang and Elixir advisories
GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
Highlights from Git 2.37
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release.
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
GitHub now publishes malware advisories in the GitHub Advisory Database
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Accelerating GitHub theme creation with color tooling
Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub.
How can the United States build its Open Source Software policy?
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.
Open Source Monthly: June 2022 Edition
June's Open Source Monthly features Modos–a community-focused company building software and hardware that designs digital devices with respect for users' time, attention, and well-being.
GitHub Actions: macOS 12 for GitHub-hosted runners is now generally available
GitHub Actions: macOS 12 for GitHub-hosted runners is now generally available
All historical NVD advisories are now listed on GitHub
All historical NVD advisories are now listed on GitHub
One developer’s journey bringing Dependabot to GitHub Enterprise Server
A personal story about building the feature you want and sharing it with the world.
GitHub Sponsors launches in Brazil
GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities.
GitHub Enterprise Server 3.5 is now generally available
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.
GitHub Sponsors launches in India
GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away!
Dependabot alerts show all affected files for vulnerable function calls (Python Beta)
Dependabot alerts show all affected files for vulnerable function calls (Python Beta)