The latest blogs from GitHub

Below are my prepared remarks delivered at the EU Open Source Policy Summit in Brussels on Feb 3rd.

Explore how the GitHub Docs team uses GitHub Projects for content coordination, reviews, and publishing.

What if developers want to leverage branch deployments but don’t have a full ChatOps stack integrated with their repositories? We wanted to set out to find a way for all developers to be able to take advantage of branch deployments with ease, right from their GitHub repository, and so the branch-deploy Action was born!

The DEI Resource Hub is a vetted collection of resources, tools, and best practices designed to help open source maintainers create and maintain inclusive and diverse open source communities.

We’re taking a look at how open source software has evolved on GitHub, and how the role of a maintainer and contributor has changed alongside the massive growth in open source software.

In January, we experienced two incidents, one that resulted in degraded performance for Packages and Pages and another that impacted Git users.

In the coming months, we’re scaling, expanding, and launching new programming to further DEI within open source communities.

Update to the latest version of Desktop and previous version of Atom before February 2.

Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.

Laying the groundwork for developer-enabled compliance.

There are now 100 million developers around the world using GitHub. Here’s what this means—and why it’s just the beginning.

We’re excited to share the newest addition to our GitHub Bug Bounty Program!

It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnerability to gain arbitrary kernel code execution and root on a Pixel 6 from an Android app.

We’re more excited than ever about what the future holds and the role open source will continue to play in solving critical societal challenges.

On January 8, 2024, GitHub will remove support for Subversion.

How to tap into the power of GitHub Actions from anywhere with GitHub Mobile!

How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.

When teams work cross-functionally, good things happen. See how our teams use GitHub Projects to coordinate and ship new products and features.

GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.

Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.

Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.