
GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
GitHub Advisory Database now includes Erlang and Elixir advisories
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release.
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub.
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.
June's Open Source Monthly features Modos–a community-focused company building software and hardware that designs digital devices with respect for users' time, attention, and well-being.
GitHub Actions: macOS 12 for GitHub-hosted runners is now generally available
All historical NVD advisories are now listed on GitHub
A personal story about building the feature you want and sharing it with the world.
GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities.
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.
GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away!
Dependabot alerts show all affected files for vulnerable function calls (Python Beta)