Search results for: Ecosystem

You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database’s free, open source…

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.

Sharing our coalition paper to inform the final negotiation of the EU AI Act.

Navigating the ebb and flow of programming paradigms–from the shifts in the JavaScript ecosystem and TypeScript’s rise, to AI’s role in advancing accessibility, and strategies for encouraging non-code contributions–tune in to the latest episode of The ReadME Podcast for more.

Have your say to protect open source in the EU.

Dependabot version updates helps you keep your dependencies up-to-date by opening pull requests when dependencies can be upgraded. With today’s release, you can now group version updates by dependency name.…

Today at Collision Conference we unveiled breaking new research on the economic and productivity impact of generative AI–powered developer tools. The research found that the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion.

The United States Patent and Trademark Office (USPTO) recently proposed rule changes that will make it harder to challenge low quality patents. Without the ability to quickly and efficiently challenge wrongly granted patents, innovation and developers suffer.

Starting today, you will now receive Dependabot alerts for vulnerabilities associated with your Swift dependencies. The GitHub Advisory Database now includes curated Swift advisories. This brings the Advisory Database to…

Explore how investing in a better developer experience frees developers to do what matters most: building great software.

We’ve launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process.

Creating an open source project can feel a bit like sending out an open invite to a party—will it be a roaring good time, or will you unbegrudginly dine on…

A new alert rules engine for Dependabot leverages alert metadata to identify and auto-dismiss up to 15% of alerts as false positives.

Are you looking for ways to support open source maintainers? Maintainer Month is the perfect opportunity!

How to verifiably link npm packages to their source repository and build instructions.

GitHub is proud to join 40 companies endorsing the Cybersecurity Tech Accord principles limiting offensive operations in cyberspace.

Meet the projects that make up the first GitHub Accelerator cohort and learn about how GitHub is helping bring their visions to reality.

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!

Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside policies, for a well-governed experience with GitHub Actions.

GitHub Sponsors is now generally available for organizations. Also, new tooling for bulk sponsorships and an update on how we’re ensuring sustainability for GitHub Sponsors.

We’re looking forward to working with policymakers to improve cybersecurity and support developers.