GitHub brings supply chain security features to the Go community
GitHub’s supply chain security features are now available for Go modules, which will help the Go community discover, report, and prevent security vulnerabilities.
Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…
GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…
One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and…
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to…
The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go…
Today we’re introducing The ReadME Podcast, a GitHub podcast that takes a peek behind the curtain of some of the most impactful open source projects, and the developers who make…
GitHub has been at the forefront of security key adoption for many years. We were an early adopter of Universal 2nd Factor (“U2F”) and were also one of the first…
Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…
At GitHub, we believe in the extraordinary potential and power of a diverse, collaborative developer community to accelerate human progress. Just look at the first-ever powered flight on another planet…
The modern internet was built on a legal framework of safe harbors for user-generated content. These safe harbors are widely credited with having enabled global internet innovation by protecting online…
If you’re an open source maintainer, you know that keeping the wheels of the open source ecosystem turning is quite a task. Project maintenance is uniquely challenging and rewarding work.…
Millions of repos use Dependabot to keep their dependencies up to date, either by updating when a Dependabot alert lets them know about a vulnerable dependency (security updates), or on…
A year ago, we were celebrating the launch of GitHub India to serve the third largest developer community on GitHub. Today, I am thrilled to welcome GitHub Satellite to India…
Understanding the movement of ‘single source’ companies from ‘open source’ to ‘source available’ licenses In the last nine months since joining GitHub’s policy team, I’ve been asked repeatedly about a…
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…
Dependabot can now access dependencies from authenticated private registries, such as GitHub Packages, Azure Artifacts, and Artifactory. These private registries are similar to their public equivalents, but they require authentication…
The world runs on software, and a large portion of it, especially the open source software that’s part of everything we experience, is built by millions of developers on GitHub…
As technology transforms the global economy, Dr. Bernice King, the CEO of the King Center for Nonviolent Social Change, is striving to make sure these new economic opportunities are available…
Developers know the value of openness, and increasingly policymakers are taking note. Open source and open standards approaches offer promising solutions to mounting policy problems related to digital sovereignty. One…
Students crave hands-on experience, and companies look for developers who can contribute to existing projects. As the home to the world’s largest community of developers, we have the great responsibility…