Introducing auto-triage rules for Dependabot
Make quick work of alerts with preset and custom rules.
Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. Starting today, you can now create your…
Dependency review now works with your dependencies from the dependency submission API. Dependency review enforces policies around vulnerabilities and acceptable licenses in the pull request. Previously, dependency review could not…
Rust continues to top the charts as the most admired and desired language by developers, and in this post, we dive a little deeper into how (and why) Rust is stealing the hearts of developers around the world.
Now, you can group multiple version updates in a single pull request.
Dependabot version updates help you keep your dependencies up-to-date by opening pull requests when dependencies can be upgraded. With today’s release, you can now use flexible grouping options in dependabot.yml…
As of August 17, 2023, Dependabot updates no longer support Python 3.6 or 3.7, which have reached their end-of-life. If your code uses these versions, Dependabot will no longer be…
After the last Release Radar, I promised the next one wouldn’t be far away, so here it is. This is the lowdown on some of the best open source…
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.
If you are using the Dependabot grouped version updates feature (currently in public beta), you can now group your pull requests by dependency type in ecosystems that support this. Instead…
Learn about how we build containerized services that power microservices on the GitHub.com platform and many internal tools.
You can now use the REST API to get global security advisories from the Advisory Database. This makes it easy to get access to the Advisory Database’s free, open source…
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.
Sharing our coalition paper to inform the final negotiation of the EU AI Act.
Navigating the ebb and flow of programming paradigms–from the shifts in the JavaScript ecosystem and TypeScript’s rise, to AI’s role in advancing accessibility, and strategies for encouraging non-code contributions–tune in to the latest episode of The ReadME Podcast for more.
Have your say to protect open source in the EU.
Dependabot version updates help you keep your dependencies up-to-date by opening pull requests when dependencies can be upgraded. With today’s release, you can now group version updates by dependency name.…
Today at Collision Conference we unveiled breaking new research on the economic and productivity impact of generative AI–powered developer tools. The research found that the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion.
The United States Patent and Trademark Office (USPTO) recently proposed rule changes that will make it harder to challenge low quality patents. Without the ability to quickly and efficiently challenge wrongly granted patents, innovation and developers suffer.
Starting today, you will now receive Dependabot alerts for vulnerabilities associated with your Swift dependencies. The GitHub Advisory Database now includes curated Swift advisories. This brings the Advisory Database to…
Explore how investing in a better developer experience frees developers to do what matters most: building great software.