The GitHub Blog: Product News and Updates

March 15, 2021

Dependabot ❤️s private dependencies

Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant that internal libraries, shared design

Mike McDonald

March 11, 2021

Client apps

Scripting with GitHub CLI

It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for pull requests, securely configure secret

Mislav Marohnić

March 9, 2021

GitHub Discussions now available for private repositories

In December 2020, we launched the public beta of GitHub Discussions, a collaborative communication forum that allows community members to ask and answer questions, share updates, and have open-ended conversations. Since then, Discussions has been

Evi Liu

March 9, 2021

Git clone vulnerability announced

Today, the Git project released new versions to address CVE-2021-21300: a security vulnerability in the delayed checkout mechanism used by Git LFS during git clone operations affecting versions 2.15 and newer. These updates address an

Taylor Blau

March 8, 2021

GitHub security update: A bug related to handling of authenticated sessions

Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution

Mike Hanley

March 4, 2021

4 things you didn’t know you could do with GitHub Actions

GitHub Actions is a powerful platform that empowers your team to go from code to cloud, all from the comfort of your repositories. In this post, I’ll walk through a few examples of how you

Brian Douglas

March 2, 2021

GitHub Security Lab Capture the Flag: A call to hacktion

Save the date! March 17 to 21, take your chance with the GitHub CTF “A Call to Hacktion!” What is a CTF? In software security, a Capture the Flag (CTF) is a contest where participants

Bas Alberts

February 25, 2021

The little bug that couldn’t: Securing OpenSSL

Software security doesn’t end at the boundaries of your own code. The moment a library dependency is introduced, you’re adopting other people’s code and any bugs that come with it. Code review and good software

Agustin Gianni

February 16, 2021

GitHub Enterprise Server 3.0 is now generally available

Today we’re announcing general availability of GitHub Enterprise Server 3.0. Introduced during the GitHub Universe 2020 keynote, it’s the biggest ever change to Enterprise Server. Every company using GitHub can now safely and securely take

Maya Ross

February 12, 2021

Avoiding npm substitution attacks

Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We hope you walk away from

Isaac Z. Schlueter