How we use Dependabot to secure GitHub
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.