As technology transforms the global economy, Dr. Bernice King, the CEO of the King Center for Nonviolent Social Change, is striving to make sure these new economic opportunities are available…
Developers know the value of openness, and increasingly policymakers are taking note. Open source and open standards approaches offer promising solutions to mounting policy problems related to digital sovereignty. One…
Students crave hands-on experience, and companies look for developers who can contribute to existing projects. As the home to the world’s largest community of developers, we have the great responsibility…
Security vulnerabilities can be unpleasant to address, and that only gets worse the more you have. When you’re dealing with a large volume of vulnerabilities, you need to be able…
Not everyone takes a break over the festive season. Some people in the community have been busy shipping releases. So we're here to bring you the latest and greatest releases…
We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.
GitHub’s engineering group moved from a monolithic, hero-based on-call rotation to a more balanced on-call culture in order to increase our on-call expertise and improve the experience for our customers.
In celebrating GitHub Security Lab’s one-year anniversary, we explained that we’re expanding our research focus. Why did we make this decision? The decision stemmed from our work with the Open…
Today, GitHub joined an amicus brief in NSO v. WhatsApp, opposing the expansion of foreign sovereign immunity to private cyber-surveillance companies that act on behalf of foreign governments. GitHub joined…
Last year at GitHub Universe, we introduced the GitHub Security Lab, which is committed to contributing resources, tooling, bounties, and security research to secure the open source ecosystem. We know…
Dependency review allows you to easily understand your dependencies before you introduce them to your environment. As part of a pull request, you can see what dependencies you’re introducing, changing, or removing, and information about their vulnerabilities, age, usage, and license.
To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code, and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.
The Digital Millennium Copyright Act (DMCA) is a 22-year-old United States law meant to strike a complicated balance between art, code, and speech on the net -- impacting users…