GitHub Marketplace welcomes its 10,000th action
GitHub Marketplace just passed 10,000 published actions! Learn about contributing to this growing open source ecosystem.
If you are posting or editing a draft repository Security Advisory and the vulnerability impacts multiple packages and/or ecosystems, you can now identify all applicable affected products in the advisory.…
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
macOS Big Sur (11) became generally available on GitHub-hosted runners in August 2021. Over the next 8 weeks, jobs using the macos-latest runner label will migrate from Catalina (10.15) to…
Filtered files on the Pull Request Files Changed tab are now completely hidden from view (not just collapsed). This helps decrease distractions and lets you focus on just the files…
The GitHub Advisory Database now includes curated Rust advisories. This brings the Advisory Database to eight supported ecosystems, including: Composer (PHP), Go, Maven, npm, NuGet, pip, and RubyGems. Support for…
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!
We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here’s what we found.
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.
Ensuring that software copyright allegations are specific and actionable benefits the entire developer ecosystem. That’s why GitHub submitted a “friend of the court” brief in the SAS Institute, Inc. v. World Programming Ltd. case before a Federal Court of Appeals.
macOS 11 Big Sur is now generally available on GitHub-hosted runners. Use GitHub Actions to build and publish apps for the latest Apple ecosystem by updating your workflows to include…
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
GitHub’s Developer Defense Fund will enable independent legal support from the Stanford Juelsgaard Clinic to review and handle appropriate DMCA cases for developers on GitHub and across the software ecosystem.
GitHub’s supply chain security features are now available for Go modules, which will help the Go community discover, report, and prevent security vulnerabilities.
Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.…
GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…
One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and…
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to…
The GitHub Advisory Database now includes sixty curated Go advisories and will continue to grow as we curate existing and new advisories for the Go ecosystem. The addition of Go…
Today we’re introducing The ReadME Podcast, a GitHub podcast that takes a peek behind the curtain of some of the most impactful open source projects, and the developers who make…