
Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
The vast majority of businesses today rely on open source, making it an essential part of the software industry. And millions of those projects are on GitHub. Learn about documentation, maintainers, gaming, Git, licenses, and how open source positively impacts the world. You can also find information in our documentation about how to build and foster sustainable open source communities.
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! 🤘🏻
From answering questions about a new release to fielding feature requests, here’s how five open source communities use GitHub Discussions.
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
The end of the year is getting closer, and our communities are busy working away on their projects. While you’ve all been busy maintaining open source projects and shipping releases,…
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time.
What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for…
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.
When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.