
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
Get insights on the latest trends from GitHub experts while catching up on these exciting new projects.
You can now revoke an exposed GitHub personal access token (PAT) you found outside of repositories, even if it’s not yours, to help quickly limit the impact of the exposure…
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
CodeQL version 2.21.0 has been released and includes TypeScript 5.8 support, a new Java query to detect exposed Spring Boot actuators, and support for new JavaScript libraries. TypeScript 5.8 support…
Explore the iterative development journey of GitHub’s sub-issues feature. Learn how we leveraged sub-issues to build and refine sub-issues, breaking down larger tasks into smaller, manageable ones.
To celebrate two decades of Git, we sat down with Linus Torvalds—the creator of Git and Linux—to discuss how it forever changed software development.
In celebration of Microsoft’s 50th anniversary, we’re rolling out Agent Mode with MCP support to all VS Code users. We are also announcing the new GitHub Copilot Pro+ plan with premium requests, the general availability of models from Anthropic, Google, and OpenAI, next edit suggestions for code completions, and the Copilot code review agent.
Today we’re releasing a new open source, official, local GitHub MCP Server. We’ve worked with Anthropic to rewrite their reference server in Go and improve its usability. The new server…
Following the release of transitive labeling for npm packages, the same capabilities are now available for Maven packages: Dependabot alerts now contain a direct label if they are associated with…
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
For 30 years, Java has been a cornerstone of enterprise software development. Here’s why—and how to learn Java.
Learn to automate dependency management using GitHub Copilot, GitHub Actions, and Dependabot to eliminate manual checks, improve security, and save time for what really matters.
npm’s massive ecosystem of open source packages is one of its greatest strengths. But as a security-conscious developer, it can be tough to keep up with vulnerability reporting and updates…
Your tools. Your workflows. All within Copilot Chat. GitHub Copilot Extensions are now generally available for users across all Copilot license tiers. With Copilot Extensions, you can integrate and prompt…
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. The CodeQL engine has become faster, covers 28 more security queries,…
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 & Q3 2024 data for the Innovation Graph.
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.
Learn how to modernize legacy code with GitHub Copilot with real-world examples.
Here’s your opportunity to empower the teen in your life to get a start in open source development.
Learn how to document and explain legacy code with GitHub Copilot with real-world examples.