Behind the scenes of GitHub Token Scanning
We've extended GitHub Token Scanning to include tokens from cloud service providers and additional credentials.
Category
Engineering
Applying machine intelligence to GitHub security alerts
Learn how we use machine learning to power and build on security alerts and make GitHub more secure.
Upgrading GitHub from Rails 3.2 to 5.2
On August 15th GitHub celebrated a major milestone: our main application is now running on the latest version of Rails: 5.2.1! 🎉 In total the project took a year and…
Towards Natural Language Semantic Code Search
Our machine learning scientists have been researching ways to enable the semantic search of code.
Removing jQuery from GitHub.com frontend
We have recently completed a milestone where we were able to drop jQuery as a dependency of the frontend code for GitHub.com. This marks the end of a gradual, years-long…
GLB: GitHub’s open source load balancer
At GitHub, we serve tens of thousands of requests every second out of our network edge, operating on GitHub's metal cloud. We've previously introduced GLB, our scalable load balancing solution…
MySQL High Availability at GitHub
GitHub uses MySQL as its main datastore for all things non-git, and its availability is critical to GitHub's operation. The site itself, GitHub's API, authentication and more, all require database…
Performance Impact of Removing OOBGC
Until last week, GitHub used an Out of Band Garbage Collector (OOBGC) in production. Since removing it, we decreased CPU time across our production machines by 10%. Let's talk about…
Using Figma designs to build the Octicons icon library
How we use Figma files to keep the Octicons icon library up to date
Four years of the GitHub Security Bug Bounty
Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we've done in the past, we're sharing some details and highlights from 2017 and looking ahead…
Improving your OSS dependency workflow with Licensed
GitHub recently open sourced Licensed in the hopes that it is as helpful to the OSS community as it has been to us. <disclaimer> 1 of 1 consulted lawyers agree,…
Measuring the many sizes of a Git repository
Is your Git repository bursting at the seams? git-sizer is a new open source tool that can tell you when your repo is getting too big. git-sizer computes various Git…
February 28th DDoS Incident Report
On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack. We understand…
Weak cryptographic standards removed
Earlier today we permanently removed support for the following weak cryptographic standards on github.com and api.github.com: TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and Git connections to…
Weak cryptographic standards removal notice
Last year we announced the deprecation of several weak cryptographic standards. Then we provided a status update toward the end of last year outlining some changes we'd made to make…