GitHub Blog Search
On September 27, 2023, we began blocking npm package publishes with differing name or version fields between the manifest and tarball package.json. This blocking protects against obfuscation. The different fields…
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
All GitHub.com users can now register a passkey to sign in without a password.
Easily customize code scanning using CodeQL model packs for Java (beta)
Custom auto-triage rules for Dependabot alerts (public beta)
Dependency review support for dependency submission results
Rust continues to top the charts as the most admired and desired language by developers, and in this post, we dive a little deeper into how (and why) Rust is stealing the hearts of developers around the world.
Now, you can group multiple version updates in a single pull request.
Grouped version updates for Dependabot are generally available
Deprecation - Dependabot updates drop support for Python 3.6 and 3.7
After the last Release Radar, I promised the next one wouldn't be far away, so here it is. This is the low down on some of the best open source…
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.
Group Dependabot Version Updates by Development or Production Dependencies
Learn about how we build containerized services that power microservices on the GitHub.com platform and many internal tools.
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.
Sharing our coalition paper to inform the final negotiation of the EU AI Act.
Navigating the ebb and flow of programming paradigms–from the shifts in the JavaScript ecosystem and TypeScript's rise, to AI's role in advancing accessibility, and strategies for encouraging non-code contributions–tune in to the latest episode of The ReadME Podcast for more.
Have your say to protect open source in the EU.
Grouped version updates for Dependabot public beta
