The latest blogs from GitHub

In December, we experienced no incidents resulting in service downtime to our core services.

The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

GitHub was honored to contribute to the Santa Clara Principles on Transparency and Accountability in Content Moderation 2.0.

In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.

When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content.

Codespaces is a great tool for technical hiring exercises and helps level the playing field for candidates.

Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.

This blog post tells the story of why we built a new search engine optimized for code.

Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.

Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.

We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.

Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.

Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.

Code navigation is now available in PRs, and code navigation results for Python are now more precise.

Today, we are rolling out a technology preview for GitHub code search, the next iteration for search, discovery, and navigation on GitHub.

GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.

Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.

This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.