Search results for: Ecosystem

Generate and verify signed attestations for anything you make with GitHub Actions.

A11y Design Bootcamp is a live educational program that consists of exercises, discussions, and knowledge shares to raise awareness of web accessibility best practices, the role designers play in creating accessible products, and how to advocate for accessibility with cross-functional partners.

As part of GitHub’s dedication to accessibility, we expanded our internal accessibility program and scaled up our assessment process to help remove or lower barriers for users with disabilities. Then, we empowered employees from various disciplines to drive accessibility efforts within their teams.

This public beta enables developers to use a directories key to list multiple directories for the same ecosystem configuration in the dependabot.yml file. Previously, developers with multiple package manifests for…

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.

Today, we’re releasing security tool-specific filters for the security overview dashboard and secret scanning metrics page. Have you ever wondered, “How well is my organization handling SQL injections?” or “How…

This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.

Dependabot grouped security updates are now generally available. This feature automatically groups Dependabot pull requests, lets you specify several additional options to fine tune your groupings. You can enable grouped…

Today, we’re releasing a host of new insights to the security overview dashboard, as well as an enhanced secret scanning metrics page. New dashboard insights Third-party alerts integration: Beyond GitHub’s…

Previously, if you specified your private registry configuration in the dependabot.yml file and also had a configuration block for that ecosystem using the target-branch key, Dependabot security updates wouldn’t utilize…

Dependabot security updates help you keep your dependencies secure by opening pull requests when a Dependabot alert is raised. With today’s release, you can now use flexible grouping options in…

A peek under the hood of GitHub Advanced Security code scanning autofix.

Get excited for this month’s Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.

Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.

Our latest solution to the ubiquitous engineering problem of integration testing in a distributed service ecosystem here at GitHub.

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!

Discover the latest trends and insights on public software development activity on GitHub with the release of Q3 2023 data for the Innovation Graph.

GitHub SDKs: software generated meets hand curated.

Take CODEOWNERS and GitHub teams to the next level. Learn about how GitHub engineering solves the age old problem of who owns what.

Learn about how we run a scalable vulnerability management program built on top of GitHub.

This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.