
How to leverage security frameworks and libraries for secure code
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
Codespaces is a great tool for technical hiring exercises and helps level the playing field for candidates.
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.
In 2019, to meet GitHub’s growth and availability challenges, we set a plan in motion to improve our tooling and ability to partition relational databases.
Applications are now open for the MLH Fellowship: GitHub Externship Track. Apply by September 13.
Ensuring that software copyright allegations are specific and actionable benefits the entire developer ecosystem. That’s why GitHub submitted a “friend of the court” brief in the SAS Institute, Inc. v. World Programming Ltd. case before a Federal Court of Appeals.
Over the past months, we’ve left our macOS model behind and moved to Codespaces for the majority of GitHub.com development.
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
GitHub’s bug bounty program is now a mature component of how we improve product security. We’re excited to highlight some achievements (and interesting vulnerabilities)!
We recently set about creating a framework and service for automatically generating social sharing images for repositories and other resources on GitHub.
Over the years, GitHub engineers have developed many ways to observe how our systems behave. We mostly make use of statsd for metrics, the syslog format for plain text logs…
At GitHub, we pride ourselves on delivering a first-class developer experience. A considerable part of our work is on our front end, which we strive to keep as lightweight, fast,…
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…
The world runs on software, and a large portion of it, especially the open source software that’s part of everything we experience, is built by millions of developers on GitHub…
This post is the fifth installment of our five-part series on building GitHub’s new homepage: How our globe is built How we collect and use the data behind the globe…
Last week, we described how we improved the deployment experience for github.com. When we describe deployments at GitHub, the deployment experience is an important part of what it takes to ship applications to production, especially at GitHub’s scale, but there is more to it: the actual deployment mechanics need to be fast and reliable.
GitHub’s engineering group moved from a monolithic, hero-based on-call rotation to a more balanced on-call culture in order to increase our on-call expertise and improve the experience for our customers.
This is the second post in a series about how we built our new homepage. How our globe is built How we collect and use the data behind the globe…
Using deferred compliance in GitHub’s CI process to improve developer productivity.
A lot of work went into figuring out how to sync a public and private docs repo.