Why we’re excited about the Sigstore general availability
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
Dependabot now supports updates to Python dependencies for pyproject.toml files that follow the PEP 621 standard for our supported Python package managers. Learn more about Dependabot’s supported ecosystems and package…
Dependabot now supports the increase-if-necessary versioning strategy for the Python ecosystem. This allows you to reduce Dependabot version updates when your current dependency requirement is already satisfied by…
Dependabot has added support for updating dependencies in Yarn v2 and Yarn v3 manifests (package.json and yarn.lock files). This is in addition to the existing support for Yarn v1. There…
GitHub Actions changed how developers automate workflows with GitHub. Today, we’re introducing a new navigation to manage your GitHub Actions experience, improving discoverability and accessibility as well as opening up future feature opportunities.
GitHub is sponsoring Open Source Initiative’s Deep Dive: AI because we think it’s important for the community to unpack how open source software, process, and principles can help best deliver on the promise of AI.
New to Git v2.38, Scalar is a built-in repository manager for large repos. Here, we’ll tell the story of how Scalar went from a rough VFS for Git successor to a fully-integrated Git tool, with all of the engineering lessons learned in the process.
We’re excited that the World Intellectual Property Organization (WIPO) has launched the 2022 edition of its Global Innovation Index (GII) with an indicator of developer creative outputs based on GitHub commits.
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
macOS 12 became generally available on GitHub-hosted runners in June 2022. Over the next 10 weeks, jobs using the macos-latest runner label will migrate from macOS 11 to 12. During…
We’re launching GitHub for Startups to give your startup the tools needed to go from idea to unicorn status on the world’s largest developer platform.
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects.
Read the new GitHub report on OSS in India, Kenya, Egypt, and Mexico. Available now in English, and in Spanish and Arabic later this year.
This fifth and final part of our blog series exploring Git’s internals shows several strategies for scaling your Git repositories that match related database sharding techniques.
Now your team can spend less time managing infrastructure and more time writing code.
Whether you’re committing 30 minutes or 3 hours a day to learning, consistency is key. Klint Finley asks 3 tech professionals at different stages in their career for more advice.
This month’s featured open source project, Open Sauced, connects contributors and maintainers through analytical insights.
The GitHub Advisory Database now includes curated security advisories for vulnerabilities on GitHub Actions. This brings the Advisory Database to ten supported ecosystems, including: Composer, Go, Hex, Maven, npm, NuGet,…
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.