Diversity, inclusion, and belonging at GitHub in 2023
We expanded diversity of our employee base, launched several new employee engagement programs, made investments to improve accessibility, and more.
Arm-based hosted runners are coming to GitHub Actions! Unlock the power of Arm in Actions: by leveraging the power and efficiency of the Arm® architecture, GitHub is offering a new…
Auto-triage rules are a powerful tool to help you reduce alert and pull request fatigue substantially, while better managing your alerts at scale. What’s changing? Starting today, you can define…
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!
We’re excited to share with you the contributors Action! At GitHub, we maintain several open source repositories and have developed this Action to empower maintainers to measure how many new and returning contributors and contributions have occurred over any given time period.
Use our new open source Trace2 receiver component and OpenTelemetry to capture and visualize telemetry from your Git commands.
All In Africa is a gateway to growth, learning, and meaningful connections within the African open source ecosystem and beyond.
GitHub Sponsors has partnered with Patreon. We’re also expanding to new regions.
How to get the security basics right at your organization.
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
On September 27, 2023, we began blocking npm package publishes with differing name or version fields between the manifest and tarball package.json. This blocking protects against obfuscation. The different fields…
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
All GitHub.com users can now register a passkey to sign in without a password.
With CodeQL model packs for Java, users can improve their code scanning results by ensuring that any custom Java libraries and frameworks used by their codebase are recognised by CodeQL.…
Make quick work of alerts with preset and custom rules.
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. Starting today, you can now create your…
Dependency review now works with your dependencies from the dependency submission API. Dependency review enforces policies around vulnerabilities and acceptable licenses in the pull request. Previously, dependency review could not…
Rust continues to top the charts as the most admired and desired language by developers, and in this post, we dive a little deeper into how (and why) Rust is stealing the hearts of developers around the world.
Now, you can group multiple version updates in a single pull request.
Dependabot version updates help you keep your dependencies up-to-date by opening pull requests when dependencies can be upgraded. With today’s release, you can now use flexible grouping options in dependabot.yml…
As of August 17, 2023, Dependabot updates no longer support Python 3.6 or 3.7, which have reached their end-of-life. If your code uses these versions, Dependabot will no longer be…