GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
GitHub Blog Search
Search Results for: Ecosystem
The Social Sector is Contributing to the Broader OSS Ecosystem
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
Building together: GitHub partner ecosystem continues to grow
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
Security best practices for authors of GitHub Actions
Improve your GitHub Action’s security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.
Celebrating the GitHub Awards 2023 recipients 🎉
The GitHub Awards recognizes and celebrates the outstanding contributions and achievements in the developer community, honoring individuals, projects, and organizations for their impactful work, innovation, thought leadership, and creating an outsized positive impact on the community.
Universe 2023: Copilot transforms GitHub into the AI-powered developer platform
GitHub is announcing general availability of GitHub Copilot Chat and previews of the new GitHub Copilot Enterprise offering, new AI-powered security features, and the GitHub Copilot Partner Program.
Octoverse: The state of open source and rise of AI in 2023
In this year’s Octoverse report, we study how open source activity around AI, the cloud, and Git are changing the developer experience.
Diversity, inclusion, and belonging at GitHub in 2023
We expanded diversity of our employee base, launched several new employee engagement programs, made investments to improve accessibility, and more.
Accelerate your CI/CD with Arm-based hosted runners in GitHub Actions
Accelerate your CI/CD with Arm-based hosted runners in GitHub Actions
Dependabot user-defined rules for security updates and alerts; enforcement of auto-triage rules and presets for organizations (public beta)
Dependabot user-defined rules for security updates and alerts; enforcement of auto-triage rules and presets for organizations (public beta)
Cybersecurity spotlight on bug bounty researcher @Ammar Askar
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
How to gain insight into your project contributors
We're excited to share with you the contributors Action! At GitHub, we maintain several open source repositories and have developed this Action to empower maintainers to measure how many new and returning contributors and contributions have occurred over any given time period.
Measuring Git performance with OpenTelemetry
Use our new open source Trace2 receiver component and OpenTelemetry to capture and visualize telemetry from your Git commands.
Skilling African developers through All In Africa
All In Africa is a gateway to growth, learning, and meaningful connections within the African open source ecosystem and beyond.
Sponsors is expanding
GitHub Sponsors has partnered with Patreon. We’re also expanding to new regions.
3 strategies to expand your threat model and secure your supply chain
How to get the security basics right at your organization.
Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
Block npm package publishes when names and versions don’t match between manifest and tarball package.json
On September 27, 2023, we began blocking npm package publishes with differing name or version fields between the manifest and tarball package.json. This blocking protects against obfuscation. The different fields…
The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
Passkeys are generally available
All GitHub.com users can now register a passkey to sign in without a password.