The latest blogs from GitHub

We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!

We’re excited to share with you the contributors Action! At GitHub, we maintain several open source repositories and have developed this Action to empower maintainers to measure how many new and returning contributors and contributions have occurred over any given time period.

The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software.

Gain actionable insights about the intersection of AI and human skills, while tackling ethics, accessibility, and productivity at these GitHub Universe sessions.

Atlassian is ending support for its Server products—including Bitbucket Server—in February 2024. In this post, you’ll learn what that means for you, your options, and how you can move to GitHub.

In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

Use our new open source Trace2 receiver component and OpenTelemetry to capture and visualize telemetry from your Git commands.

The twelfth annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries.

If you are a student from a U.S. minority-serving institution looking to start your journey into open source, join us!

In September, we experienced two incidents that resulted in degraded performance across GitHub services.

GitHub Enterprise Cloud customers can now ensure controlled workflows run and pass before code is merged into any of its repositories.

Findings show that code quality is better across the board and developers felt more confident, too.

CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

GitHub Copilot Chat can help you learn about accessibility and improve the accessibility of your code. In this blog, we share a sample foundational prompt that instructs GitHub Copilot Chat to become your personal AI assistant for accessibility.

All In Africa is a gateway to growth, learning, and meaningful connections within the African open source ecosystem and beyond.

Open source generative AI projects are a great way to build new AI-powered features and apps.

Learn more about how we use GitHub to build GitHub, how we turned our guiding communications principles into prescriptive practices to manage our internal communications signal-to-noise ratio, and how you can contribute to the ongoing conversation.

Secret scanning now performs validity checks for select AWS, Microsoft, Google, and Slack tokens.

GitHub Sponsors has partnered with Patreon. We’re also expanding to new regions.

How to get the security basics right at your organization.

For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!