Search results for: Ecosystem

GitHub has been at the forefront of security key adoption for many years. We were an early adopter of Universal 2nd Factor (“U2F”) and were also one of the first…

Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…

At GitHub, we believe in the extraordinary potential and power of a diverse, collaborative developer community to accelerate human progress. Just look at the first-ever powered flight on another planet…

The modern internet was built on a legal framework of safe harbors for user-generated content. These safe harbors are widely credited with having enabled global internet innovation by protecting online…

If you’re an open source maintainer, you know that keeping the wheels of the open source ecosystem turning is quite a task. Project maintenance is uniquely challenging and rewarding work.…

Millions of repos use Dependabot to keep their dependencies up to date, either by updating when a Dependabot alert lets them know about a vulnerable dependency (security updates), or on…

A year ago, we were celebrating the launch of GitHub India to serve the third largest developer community on GitHub. Today, I am thrilled to welcome GitHub Satellite to India…

Understanding the movement of ‘single source’ companies from ‘open source’ to ‘source available’ licenses In the last nine months since joining GitHub’s policy team, I’ve been asked repeatedly about a…

Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…

Dependabot can now access dependencies from authenticated private registries, such as GitHub Packages, Azure Artifacts, and Artifactory. These private registries are similar to their public equivalents, but they require authentication…

The world runs on software, and a large portion of it, especially the open source software that’s part of everything we experience, is built by millions of developers on GitHub…

As technology transforms the global economy, Dr. Bernice King, the CEO of the King Center for Nonviolent Social Change, is striving to make sure these new economic opportunities are available…

Developers know the value of openness, and increasingly policymakers are taking note. Open source and open standards approaches offer promising solutions to mounting policy problems related to digital sovereignty. One…

Students crave hands-on experience, and companies look for developers who can contribute to existing projects. As the home to the world’s largest community of developers, we have the great responsibility…

Security vulnerabilities can be unpleasant to address, and that only gets worse the more you have. When you’re dealing with a large volume of vulnerabilities, you need to be able…

Dependabot version updates now support npm v7. Note that npm v7 uses the new lockfile format (“lockfileVersion”: 2). Dependabot will now respect this new format if you have installed with…

Not everyone takes a break over the festive season. Some people in the community have been busy shipping releases. So we’re here to bring you the latest and greatest releases…

At GitHub, our community is at the heart of everything we do. We want to make it easier to build the things you love, with the tools you prefer to…

After much anticipation, the npm CLI version 7 is now generally available!

Dependabot version updates now support pip-compile 5.5.0. Note that with the version update of pip-compile from 5.4.0 to 5.5.0, the formatting of “via” annotations has changed to one dependency per…

We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.