Open Source Monthly: August 2022 Edition
This month's featured open source project, Open Sauced, connects contributors and maintainers through analytical insights.
Advisory Database supports GitHub Actions advisories
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your Actions workflows.
Supply chain attacks exploit our implicit trust in open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages.
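One concrete form that "tightening your security profile with GITHUB_TOKEN" takes is the workflow `permissions` key, which scopes the token down to what each job actually needs. The following workflow is an added example written for this digest, not code from the linked post or from GitHub; the workflow name, tag trigger, and package registry steps are illustrative placeholders.

```yaml
# Added example (not from the linked post): least-privilege GITHUB_TOKEN
# via the `permissions` key. Workflow name and steps are placeholders.
name: publish-package

on:
  push:
    tags: ['v*']

# Weak setting, shown for comparison: leaving `permissions` out entirely gives
# GITHUB_TOKEN the repository's default scopes, which may be read/write on every
# scope, so a compromised step or third-party action inherits all of them.
#
# Corrected setting: deny every scope at the workflow level ...
permissions: {}

jobs:
  publish:
    runs-on: ubuntu-latest
    # ... and re-grant, per job, only the scopes its steps use.
    permissions:
      contents: read     # needed by actions/checkout
      packages: write    # needed to push to GitHub Packages
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18
          registry-url: https://npm.pkg.github.com
      - run: npm ci
      - run: npm publish
        env:
          # GITHUB_TOKEN is only good for the scopes granted above and expires
          # when the job ends, so no long-lived personal token is stored.
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Job-level `permissions` override the workflow-level block, so the pattern above (`{}` at the top, explicit grants per job) fails closed if a new job is added without its own block.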
Introducing the new npm Dependency Selector Syntax
Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars.
GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68.
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
GitHub Advisory Database now includes Erlang and Elixir advisories
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release.
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities.
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub.
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.
June's Open Source Monthly features Modos, a community-focused company building software and hardware for digital devices that respect users' time, attention, and well-being.
GitHub Actions: macOS 12 for GitHub-hosted runners is now generally available