GitHub’s top 10 blog posts of 2021
As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
Advisory Database now includes an Unreviewed Advisories section
Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
GitHub Actions: Changes to permissions in workflows triggered by Dependabot
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
GitHub Actions: Workflows triggered by Dependabot receive dependabot secrets
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows.
DRY your Actions configuration with reusable workflows (and more!)
The OpenID Connect (OIDC) support for secure cloud deployments with GitHub Actions is now generally available.You can configure your workflows to request short-lived access tokens that are automatically rotated for…
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
The latest release of the CodeQL CLI supports including markdown-rendered query help in SARIF files so that the help text can be viewed in the code scanning UI. This functionality…
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience.
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.