GitHub Sponsors is now available in beta for projects to receive sponsorship as a team. If you’re part of an open source project with a corporate or non-profit entity and bank account, you can sign up for the waitlist today.
GitHub Advisory Database
The GitHub Advisory Database is a new experience that allows you to browse or search for the vulnerabilities that GitHub knows about. The database contains all curated CVEs and security advisories which have been mapped to a package tracked by the GitHub dependency graph. CVE numbers will also automatically be linked from within issues and pull requests back to the Advisory Database (e.g. typing CVE-2019-13611 will automatically link to this entry in the database).
Did you know? This data can also be accessed programmatically using the SecurityAdvisory API. Try the following query in our GraphQL Explorer:
query {
securityAdvisories(orderBy: {field: PUBLISHED_AT, direction: DESC}, first: 2) {
nodes {
description
ghsaId
summary
publishedAt
}
}
}Learn more about the GitHub Advisory Database
We’re renaming GitHub Package Registry (GPR) to GitHub Packages. This change is reflected on GitHub.com, in the APIs and webhooks:
– There is a new PackageEvent in the Events API which replaces the existing event RegistryPackageEvent.
– There is a new package webhook which replaces the existing registry_package webhook.
– The GraphQL API schema is also changing to reflect the new name.