Search results for: rails

How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.

In August, we experienced one incident that resulted in degraded performance across GitHub services.

Solving and staying ahead of problems when scaling up a system of GitHub’s size is a delicate process. Here’s a look at some of the tools in GitHub’s toolbox, and how we’ve used them to solve problems.

GitHub Staff Engineer Sarah Vessels discusses her philosophy of code review, what separates good code review from bad, her strategy for finding and reviewing code, and how to get the most from reviews of her own code.

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.

Pushing code to GitHub is one of the most fundamental interactions that developers have with GitHub every day. Read how we have significantly improved the ability of our monolith to correctly and fully process pushes from our users.

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.17.1 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

Take CODEOWNERS and GitHub teams to the next level. Learn about how GitHub engineering solves the age old problem of who owns what.

GitHub uses MySQL to store vast amounts of relational data. This is the story of how we seamlessly upgraded our production fleet to MySQL 8.0.

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!

The team behind GitHub Copilot shares its lessons for building an LLM app that delivers value to both individuals and enterprise users at scale.

Edge computing practitioners answer your questions about when and why to build applications at the edge.

Customers using GHES can now ensure secure development is a top priority with enhanced security and compliance controls for their repositories.

Learn how to leverage templating features in GitHub Codespaces to streamline your project setup, improve consistency, and simplify collaboration within your development team.

GitHub environments can be configured with deployment branch policies to allow-list the branches that can deploy to them. We are now security hardening these branch policies further by blocking runs…

Learn how you can structure your enterprise to get the most value out of GitHub and provide the best experience for your developers!

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.

Today, we are announcing that larger hosted runners for GitHub Actions are generally available for paid Team and Enterprise Cloud plans! This feature has been in public beta since September…

Could we use our Git repository as the source of truth for operational tasks, and somehow reconcile changes with our real-world view?

Design can have a significant impact on delivering accessible experiences to our users. It takes a cultural shift, dedicated experts, and permission to make progress over perfection in order to build momentum. We’ve got a long way to go, but we’re starting to see a real shift in our journey to make GitHub a true home for all developers.