GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
GitHub Blog Search
Search Results for: Ecosystem
The Social Sector is Contributing to the Broader OSS Ecosystem
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
Building together: GitHub partner ecosystem continues to grow
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
Partnering with EU policymakers to ensure the Cyber Resilience Act works for developers
We’re looking forward to working with policymakers to improve cybersecurity and support developers.
Dependabot version updates keeps Gradle version catalogs up-to-date
Dependabot version updates keeps Gradle version catalogs up-to-date
Don’t leave developers behind in the Section 230 debate
Developers are at the heart of our online world and at the forefront of creating solutions for global challenges, working to make the software that underpins our digital infrastructure more secure, reliable, and safe.
Raising the bar for software security: GitHub 2FA begins March 13
On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
How to build a consistent workflow for development and operations teams
Explore how using GitHub and HashiCorp together enables enterprises to develop and ship to their customers faster and more secure with consistent workflows and actions.
ICYMI: CodeQL enhancements
Learn about CodeQL's improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.
Release Radar, Festive Edition · December 2022 – January 2023
Welcome to our special edition of the Release Radar 🎄. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has…
Dependency submission suggestions on Gradle, Maven, Scala and Mill repositories
Dependency submission suggestions on Gradle, Maven, Scala and Mill repositories
Skilling for the future: How GitHub is advancing diversity, equity, and inclusion within open source communities
In the coming months, we’re scaling, expanding, and launching new programming to further DEI within open source communities.
Action needed for GitHub Desktop and Atom users
Update to the latest version of Desktop and previous version of Atom before February 2.
Unpacking the value of open source and code collaboration
We’re more excited than ever about what the future holds and the role open source will continue to play in solving critical societal challenges.
Unlocking security updates for transitive dependencies with npm
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
How we use GitHub to be more productive, collaborative, and secure
Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
![[Video] How has open source changed in the last 10 years?](https://github.blog/wp-content/uploads/2022/12/CMT011-Octoverse2022.001-1.jpeg?resize=800%2C425)
[Video] How has open source changed in the last 10 years?
What’s the state of open source and how has it changed over the last decade? GitHub’s VP of Developer Relations, Martin Woodward, tackles that question and more in a 2022 keynote.
Raising the bar for software security: next steps for GitHub.com 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.
New npm features for secure publishing and safe consumption
Now you can create tokens with fine-grained permissions for automating your publishing and organization management workflows. And a new code explorer allows you to view content of a package directly in the npm portal.
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages
Dependabot now supports security updates for Dart and Flutter apps that use Pub packages