The latest blogs from GitHub

Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.

In May, we experienced four incidents that resulted in degraded performance across GitHub services. This report also sheds light into three April incidents that resulted in degraded performance across GitHub services.

We surveyed 500 U.S.-based developers at companies with 1,000-plus employees about how managers should consider developer productivity, collaboration, and AI coding tools.

GitHub’s VIP Bug Bounty Program has been updated to include a clear and accessible criteria for receiving an invitation to the program and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!

The accessibility-alt-text-bot leaves automated reminders in a comment when a user shares an image without providing meaningful alt text.

With GitHub Enterprise Importer, you can seamlessly move to GitHub Enterprise Cloud, bringing your code and collaboration history with you so your team doesn’t miss a beat.

Maintainer Month is a time for open source maintainers to gather, share, and be celebrated. Over 31 days, 16 organizations came together to offer 42 activities convening and celebrating maintainers.

Explore how investing in a better developer experience frees developers to do what matters most: building great software.

Take part in All in for Maintainers’ new pilot program that helps open source project maintainers highlight ongoing efforts in advancing diversity, equity, and inclusion within their communities.

We’ve launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process.

A tool to help you keep your open source catalog organized and up to date.

Could we use our Git repository as the source of truth for operational tasks, and somehow reconcile changes with our real-world view?

Experts explain how to recruit and onboard co-maintainers.

The open-source Git project just released Git 2.41. Take a look at our highlights on what’s new in Git 2.41.

Help quantify the state of enterprise open source by taking the 2023 OSPO survey.

In this blog, I’ll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I’ll also explain how root cause analysis of CVE-2022-36449 led to the discovery of CVE-2022-46395.

Low-code enables developers and non-developers to build custom applications and solutions with less effort. In this blog, we show you how to automate your low-code deployments using GitHub Actions.

In this special episode of The ReadME Podcast, dedicated to GitHub’s Maintainer Month, Kelsey Hightower joins hosts Martin Woodward and Neha Batra to discuss his philosophy on fostering thriving open source communities and the importance of empathy to a maintainer’s success.

GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.

Here’s what you need to know to write a compelling session proposal and get on stage.

GitHub is the home for all developers and on this Global Accessibility Awareness Day we are thrilled to celebrate the achievements of disabled developers and recent ships that help them build on GitHub.