Prebuilding codespaces is now supported for multi-repository and monorepo projects
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline.
Maintainers answer your questions about how to manage an open source project that grows into a community.
Monorepo performance can suffer due to the sheer number of files in your working directory. Git’s new builtin file system monitor makes it easy to speed up monorepo performance.
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities.
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance.
Dependency graph adds vulnerability alerting support for Rust
npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization.
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability.