Search results for: Ecosystem

You can now use the –api-key command line option for publishing NuGet packages. This change allows you to pass your authentication token directly instead of storing it in the nuget.config…

This is the second post in our series on DevOps fundamentals. For a guide to what DevOps is and answers to common DevOps myths check out part one. What role…

This article originally appeared in TechCrunch, and is republished here with permission. The Supreme Court heard arguments October 7 in Google v. Oracle. This case raises a fundamental question for…

This is our second post on cloud deployment with containers. Looking for more? Join our upcoming GitHub Actions webcast with Sarah, Solutions Engineer Pavan Ravipati, and Senior Product Manager Kayla…

A lot of work went into figuring out how to sync a public and private docs repo.

Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can…

Last week, we launched code scanning for all open source and enterprise developers, and we promised we’d share more on our extensibility capabilities and the GitHub security ecosystem. Today, we’re…

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Today we’re excited to announce that code scanning is generally available on GitHub.com.…

Now available, code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production.

GitHub Enterprise Server 2.22 is now here with GitHub Actions, Packages and Advanced Security Code Scanning available for the very first time.

Dependabot can now update repositories that use RubyGems, use bundler, and vendor their gems by committing the vendor/cache folder to the repo. In your Dependabot configuration file, add a vendor:…

GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous access for public container images

Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.

GitHub’s dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package by parsing manifest files, so that you can better manage the security and compliance of your dependencies.

GitHub dependency insights helps both developers and security teams manage their open source security with confidence—automatically compiling relevant CVE information, aiding in OSS license compliance, and helping them better understand their OSS dependency versions.

Securing the open source supply chain is critically important for developer communities and the entire software ecosystem. In recent years, the industry has seen an uptick in the adoption of…

GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a…

Background Machine Learning Operations (or MLOps) enables Data Scientists to work in a more collaborative fashion, by providing testing, lineage, versioning, and historical information in an automated way.  Because the…

This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.

See what we announced at our first virtual GitHub Satellite including a full dev environment on GitHub powered by VS Code, a new way to have discussions with your communities, new ways to secure projects with code scanning and secret scanning, and more.

Now more than ever, students need opportunities to sustain their growth, using real tools, and an experienced understanding of how to work remotely and globally. With this new program, we’re helping to support the next generation of developers and the open source projects that companies use every day.