Sharing security expertise through CodeQL packs (Part I)
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Dependabot alerts now show if your repository code is calling known vulnerable functions from the dependency’s vulnerability. If your code is calling vulnerable code paths, this information is surfaced via…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Users of Dependabot version updates can now proactively update their dependencies for Flutter or Dart projects which use the pub package manager. To test version updates on your own Dart…
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
GitHub Enterprise Server 3.4 is now generally available for all customers. This release makes software development faster and more secure with new features like reusable workflows, Dependabot security updates, and GitHub Advanced Security enhancements.
A comprehensive guide for vulnerability reporters.
A deep dive into how GitHub adds support for new languages to CodeQL.
When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration.
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science.
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! 🤘🏻
As part of our ongoing commitment to npm ecosystem security, and in advance of enforcing two-factor authentication for top packages maintainers, the npm team has been hard at work improving…
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.
Code navigation is now available in PRs, and code navigation results for Python are now more precise.
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.