To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code; and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.
GitHub’s team delves into answering the question “what are operations roles in the development and operations (DevOps) environments”. From automating the role of QA in DevOps and more for smaller, faster delivery cycles.
The year 2020 has upended nearly every aspect of society. In a panel for GitHub Satellite back in May, we briefly covered some of the ways in which our social…
Dependabot already updates your public dependencies, such as open source dependencies from a public GitHub repository, npm, Maven Central, or similar. Now, you can also update dependencies from private GitHub…
Change is inevitable, and this year, it has been inescapable. We’ve had to find new ways to relate, learn, and balance both work and life at home. One thing has…
GitHub has the privilege of partnering with thousands of organizations to improve their DevOps practices, from established enterprises transforming the way they work to born-in-the-cloud businesses. We often connect developers,…
The Digital Millennium Copyright Act (DMCA) is a 22-year old United States law meant to strike a complicated balance between art, code, and speech on the net — impacting users…
You can now more easily opt-in to the public beta of GitHub Packages’ improved containers experience. New users and organizations can opt-in to the beta for their organization using either…
Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.
If your organization uses IP allow lists to restrict access, GitHub Packages now respects those settings.
Today in America, it’s Veterans Day, a federal holiday to honor those who have served in the U.S. Armed Forces. As a veteran myself, I know that honoring veterans is…
In October, we experienced one incident resulting in significant impact and degraded state of availability for multiple services.
This is the second post in our series on DevOps fundamentals. For a guide to what DevOps is and answers to common DevOps myths check out part one. What role…
Using deferred compliance in GitHub’s CI process to improve developer productivity.
An introduction to our blog series on GitHub’s investments in technical excellence.
In this blog post we demonstrate how to integrate the GitHub Advanced Security code scanning capability into our Azure DevOps Pipelines. We provide code snippets and examples that can guide you or your developers working to integrate Code Scanning into any 3rd Party CI tool.
We have updated how webhooks on repositories, organizations, and apps can be configured via the API. We have a new configuration resource for full or partial updates to any or…
API Generally Available The GitHub Apps API for managing installations has now graduated from an API preview to a generally available API. The preview header is no longer required to…
How GitHub measures and improves reliability, security, and developer happiness with automated deployments.
November 3 is election day in the U.S. Early voting is available in most states. If you haven’t yet, make a plan to vote. If you’re an employer in the…
@demetris11 embarks on a journey of curiosity and discovery in her new role overseeing DI&B strategy at GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
