Search results for: community

If you’re an open source maintainer, you know that keeping the wheels of the open source ecosystem turning is quite a task. Project maintenance is uniquely challenging and rewarding work.…

You can now use setup-java v2 to download and cache binaries from different distributions, including Adopt OpenJDK and Zulu OpenJDK. With setup-java v2, you can: Add Java distributions of your…

GitHub Actions deployment reviews are now available on GitHub Mobile. You can approve or reject jobs awaiting review, view deployment status and deployed environments, and receive push notifications for requests…

GitHub Advanced Security helps you create secure applications with a community-driven, developer-first approach. Today, we are excited to announce two updates: Beta of the new security overview for organizations and…

March is Women’s History Month: a unique time to celebrate the myriad impact of women leaders, both throughout history and today. It’s also a time to reflect on the challenges…

We are taking GitHub Campus TV to the next level with the help of emerging developers! How? Students from around the world are coming together to host weekly streams on…

When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of…

You can now use GITHUB_TOKEN to authenticate with the Packages Container registry in your Actions workflows. Say goodbye to all those PATs (delete them from your profile too!), and say…

The GitHub Packages Container registry can now create and use containers set with Internal visibility. Internal visibility allows all members of an organization and all organizations within an enterprise read…

Imagine you’re in an organization with over 2,000 repositories across several different product lines. It can be daunting task to find the right project.

Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…

This article originally appeared in The New Stack, and is republished here with permission. Digital sovereignty has become a rallying cry across the globe. In 2021, open innovation will, counterintuitively,…

Understanding the movement of ‘single source’ companies from ‘open source’ to ‘source available’ licenses In the last nine months since joining GitHub’s policy team, I’ve been asked repeatedly about a…

A dimmed theme, with a more subdued UI with a little less contrast than our dark mode theme, is now available to all GitHub.com users as a public beta. This…

Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.

In this series of posts, I’ll go through the exploit of three security bugs that I reported, which, when used together, can achieve remote kernel code execution in Qualcomm’s devices by visiting a malicious website in a beta version of Chrome. In this first post, I’ll exploit a use-after-free in Qualcomm’s kgsl driver (CVE-2020-11239), a bug that I reported in July 2020 and that was fixed in January 2021, to gain arbitrary kernel code execution from the application domain.

In a recent paper written by Nicole Forsgren and her colleagues, “The SPACE of developer productivity: There’s more to it than you think,” there is an irony that is hard…

In December 2020, we launched the public beta of GitHub Discussions, a collaborative communication forum that allows community members to ask and answer questions, share updates, and have open-ended conversations.…

The open source community is always hard at work. February’s projects were super hard to pick since there are so many amazing releases. These are exciting new releases from some…

The Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary…

GitHub Actions is a powerful platform that empowers your team to go from code to cloud, all from the comfort of your repositories. In this post, I’ll walk through a…