Dependabot supports vendoring for Ruby/bundler
Dependabot can now update repositories that use RubyGems and Bundler and vendor their gems by committing the vendor/cache folder to the repo. In your Dependabot configuration file, add a vendor:…
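As an added illustration (not the post's own snippet), here is a minimal dependabot.yml that turns vendoring on for a Bundler project; the root directory and weekly schedule are assumed values, not something the announcement specifies:

```yaml
# .github/dependabot.yml (added example; directory and schedule are assumed)
version: 2
updates:
  - package-ecosystem: "bundler"
    directory: "/"          # location of the Gemfile, assumed to be the repo root
    schedule:
      interval: "weekly"
    vendor: true            # update the .gem archives in vendor/cache, not just Gemfile.lock
```

With vendor: true, each Dependabot pull request updates both Gemfile.lock and the corresponding .gem files under vendor/cache. When reviewing such a PR, check that the two stay in sync: a lockfile bump without the matching vendored archive means the vendored copy is no longer the version you think you are running.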
GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous access for public container images
Aimed at developers, in this series we introduce and explore the memory-unsafe attack surface of interpreted languages.
GitHub’s dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package by parsing manifest files, so that you can better manage the security and compliance of your dependencies.
GitHub dependency insights helps both developers and security teams manage their open source security with confidence—automatically compiling relevant CVE information, aiding in OSS license compliance, and helping them better understand their OSS dependency versions.
Securing the open source supply chain is critically important for developer communities and the entire software ecosystem. In recent years, the industry has seen an uptick in the adoption of…
GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a…
Background Machine Learning Operations (or MLOps) enables Data Scientists to work in a more collaborative fashion, by providing testing, lineage, versioning, and historical information in an automated way. Because the…
This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.
See what we announced at our first virtual GitHub Satellite, including a full dev environment on GitHub powered by VS Code, a new way to have discussions with your communities, new ways to secure projects with code scanning and secret scanning, and more.
Now more than ever, students need opportunities to sustain their growth, using real tools and gaining an experienced understanding of how to work remotely and globally. With this new program, we’re helping to support the next generation of developers and the open source projects that companies use every day.
GitHub international leaders share their insights on how to work with globally distributed teams.
The GitHub engineering team shares best practices for making remote work part of your company culture.
GitHub Actions continues its community momentum and ships new features for enterprises and developers.
Learn about the legacy, architecture, and methods used to reduce 48k lines of code to 10 as we take a deep dive into GitHub’s JavaScript SDK.
Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.
We spoke with our latest GitHub Action Hero, Shohei Ueda, about the story behind Hugo setup, mdbook Action, and a few other projects.
Learn more about how we found ways to scale our vulnerability hunting efforts and empower others to do the same. In this post, we’ll take a deep dive into the remediation of a security vulnerability with CERT.
Learn about five more reasons why every enterprise should make innersource a priority in 2020.
You can now publish snapshots to the Apache Maven registry in GitHub Packages. This feature is enabled for all plans. Learn more about Packages and Apache Maven.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.