Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
Justin Hutchings
April 28, 2022
5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Brian Douglas
April 22, 2022
Your guide to GitHub InFocus: Improving the way software development teams work in 2022
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
Jeimy Ruiz
April 21, 2022
Highlights from Git 2.36
Another new release of Git is here! Take a look at some of our highlights on what's new in Git 2.36.
Taylor Blau
April 18, 2022
What’s new in GitHub Discussions: Organization Discussions, polls, and more
Today, we’re excited to bring you a few new features that will help you communicate, collaborate, and connect seamlessly with teams and communities about the software you’re building with the help of GitHub Discussions.
Evi Liu
April 12, 2022
Save time with partial re-runs in GitHub Actions
It is now possible to re-run only failed jobs or a single job in GitHub Actions workflows.
Cameron Booth
March 16, 2022
Latest posts
GitHub Desktop 3.0 brings better integration for your pull requests
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request.
Sergio Padrino
April 26, 2022
The friend zone: friendly forks 101
This is the first post in a two-part series describing friendly forks and alternative strategies for managing them. Stay tuned for part two coming in May!
Lessley Dennington
April 25, 2022
Celebrating 40 years of ZX Spectrum ❤️ 💛 💚 💙
The ZX Spectrum, one of the best-selling microcomputers of all time, celebrates its 40 years anniversary today. Read more about how the community is still active - creating new content, archiving old content, and hacking on all sorts of hardware.
Lee Reilly
April 23, 2022
Removing the stigma of a CVE
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
Madison Oliver
April 22, 2022
Engineering
The friend zone: friendly forks 101
This is the first post in a two-part series describing friendly forks and alternative strategies for managing them. Stay tuned for part two coming in May!
Lessley Dennington
April 25, 2022
Improving Git push times through faster server side hooks
The history of pre-receive hooks, how we discovered that the performance was problematic, and how we went about safely replacing them.
Codespaces for multi-repository and monorepo scenarios
We’re releasing exciting improvements that will streamline your Codespaces experience when working with multi-repository projects and monorepos.
Sharing security expertise through CodeQL packs (Part I)
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
Community
Celebrating 40 years of ZX Spectrum ❤️ 💛 💚 💙
The ZX Spectrum, one of the best-selling microcomputers of all time, celebrates its 40 years anniversary today. Read more about how the community is still active - creating new content, archiving old content, and hacking on all sorts of hardware.
Lee Reilly
April 23, 2022
What’s new in GitHub Discussions: Organization Discussions, polls, and more
Today, we’re excited to bring you a few new features that will help you communicate, collaborate, and connect seamlessly with teams and communities about the software you’re building with the help of GitHub Discussions.
Release Radar · March 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…
Career tips for beginner developers
Advice on fundamentals, picking languages to learn, social media presence, interviewing, and more
Trending stories
1
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
2
Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
3
GitHub Desktop 3.0 brings better integration for your pull requests
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request.
4
Our response to the war in Ukraine
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
5
Improving Git protocol security on GitHub
We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.
6
Git security vulnerability announced
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.
Product
Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
Justin Hutchings
April 28, 2022
GitHub Desktop 3.0 brings better integration for your pull requests
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request.
5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Organization profiles leading the way
Organization profiles can now display custom content visible only to members of the organization. A new Member view can be tailored to show an alternative README and pinned private repositories.
Dependabot alerts now surface if your code is calling a vulnerability
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability.
What’s new in GitHub Discussions: Organization Discussions, polls, and more
Today, we’re excited to bring you a few new features that will help you communicate, collaborate, and connect seamlessly with teams and communities about the software you’re building with the help of GitHub Discussions.
Prevent the introduction of known vulnerabilities into your code
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
Security
Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
Justin Hutchings
April 28, 2022
Removing the stigma of a CVE
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
5 simple things every developer can do to ship more secure code
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Sharing security expertise through CodeQL packs (Part I)
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Dependabot alerts now surface if your code is calling a vulnerability
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability.
Git security vulnerability announced
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.
Open Source
The friend zone: friendly forks 101
This is the first post in a two-part series describing friendly forks and alternative strategies for managing them. Stay tuned for part two coming in May!
Lessley Dennington
April 25, 2022
Celebrating 40 years of ZX Spectrum ❤️ 💛 💚 💙
The ZX Spectrum, one of the best-selling microcomputers of all time, celebrates its 40 years anniversary today. Read more about how the community is still active - creating new content, archiving old content, and hacking on all sorts of hardware.
Lee Reilly
April 23, 2022
Highlights from Git 2.36
Another new release of Git is here! Take a look at some of our highlights on what's new in Git 2.36.
Taylor Blau
April 18, 2022
Dependabot alerts now surface if your code is calling a vulnerability
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability.
Erin Havens
April 14, 2022
Performance at GitHub: deferring stats with rack.after_reply
How we sped up GitHub.com by moving slow, non-critical code into rack.after_reply.
blakewilliams
April 11, 2022
Enterprise
Your guide to GitHub InFocus: Improving the way software development teams work in 2022
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
GitHub Availability Report: March 2022
In March, we experienced several incidents resulting in significant impact to multiple GitHub services.
Proactively prevent secret leaks with GitHub Advanced Security secret scanning
Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature.
Education
Career tips for beginner developers
Advice on fundamentals, picking languages to learn, social media presence, interviewing, and more
Unlock all the GitHub secrets within .Tech Domains newest experience: Break The Code 2!
GitHub Education is fired up for the return of .Tech Domains developer community competition: Break The Code 2. We've hacked in some new enigmas, cheat codes, and easter eggs for digital sleuths to uncover!
Announcing the 2022 MLH Fellowship Cohort, powered by GitHub
The MLH Fellowship, powered by GitHub, is a 12-week internship alternative for aspiring software engineers. Meet the 2022 cohort!
Policy
Our response to the war in Ukraine
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
2021 Transparency Report
In GitHub's latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.
Open source creates value, but how do you measure it?
When digital infrastructure is overlooked by governments, it isn't just a missed opportunity: policies may inadvertently endanger open source collaboration.
Company
GitHub Desktop 3.0 brings better integration for your pull requests
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request.
Git security vulnerability announced
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.
4 ways we use GitHub Actions to build GitHub
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.