Search results for: Ecosystem

GitHub Sponsors expands globally with 30 newly supported regions, bringing the total to 68.

New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.

New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.

The GitHub Advisory Database now includes curated security advisories on Erlang [Hex], Elixir, and more. This brings the Advisory Database to nine supported ecosystems, including: Composer, Go, Maven, npm, NuGet,…

We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.

The open source Git project just released Git 2.37. Take a look at some of our highlights from the latest release.

The GitHub Sponsors Explore page, which lists your sponsorable dependencies, has been updated with improved functionality. See how many of your or your organization’s dependencies come from a single maintainer,…

Today, we’re shipping a new filter for the Dependabot alerts list view. In the alerts list view, you can now filter for scope:development or scope:runtime. Alerts for development dependencies also…

Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities

To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.

Learn why the GitHub Design Infrastructure team built a dedicated color tool and how they use it to create new color palettes for GitHub.

We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.

June’s Open Source Monthly features Modos–a community-focused company building software and hardware that designs digital devices with respect for users’ time, attention, and well-being.

The macOS 12 Actions runner image is now generally available. Start using GitHub Actions to build and publish apps for the Apple ecosystem with the latest version of Xcode by…

When you visit the GitHub Advisory Database, you can now search for any historical advisory recognized by the National Vulnerability Database. Previously, we only displayed advisories from our supported ecosystems.…

A personal story about building the feature you want and sharing it with the world.

In February 2022, we launched a new feature called community contributions to security advisories. We have made a handful of changes to the UX based on your feedback: Fixed the…

GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities.

GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.

GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away!

Dependabot alerts now show all affected files if your repository code is calling known vulnerable functions from the dependency’s vulnerability. Previously, we only highlighted one of these matches on an…