GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
GitHub Blog Search
Search Results for: Ecosystem
The Social Sector is Contributing to the Broader OSS Ecosystem
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
Building together: GitHub partner ecosystem continues to grow
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
GitHub Actions: Jobs running on `macos-latest` are now running on macOS 12
GitHub Actions: Jobs running on `macos-latest` are now running on macOS 12
GitHub for Startups is generally available
We’re launching GitHub for Startups to give your startup the tools needed to go from idea to unicorn status on the world's largest developer platform.
Security alert: new phishing campaign targets GitHub users
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.
5 tips for prioritizing Dependabot alerts
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.
SCA vs SAST: what are they and which one is right for you?
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects.
Research: open source software in India, Kenya, Egypt, and Mexico
Read the new GitHub report on OSS in India, Kenya, Egypt, and Mexico. Available now in English, and in Spanish and Arabic later this year.
Git’s database internals V: scalability
This fifth and final part of our blog series exploring Git's internals shows several strategies for scaling your Git repositories that match related database sharding techniques.
GitHub Actions: introducing the new, larger GitHub-hosted runners beta
Now your team can spend less time managing infrastructure and more time writing code.
Keeping your skillset fresh as a developer
Whether you’re committing 30 minutes or 3 hours a day to learning, consistency is key. Klint Finley asks 3 tech professionals at different stages in their career for more advice.
Open Source Monthly: August 2022 Edition
This month's featured open source project, Open Sauced, connects contributors and maintainers through analytical insights.
Advisory Database supports GitHub Actions advisories
Advisory Database supports GitHub Actions advisories
Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
5 simple things you can do with GitHub Packages to level up your workflows
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages.
Introducing the new npm Dependency Selector Syntax
Introducing the new npm Dependency Selector Syntax
Marketing for maintainers: Promote your project to users and contributors
Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars.
GitHub Sponsors available in 30 new regions
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68.
Introducing even more security enhancements to npm
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.