The latest blogs from GitHub

Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.

We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.

Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.

Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.

Code navigation is now available in PRs, and code navigation results for Python are now more precise.

Today, we are rolling out a technology preview for GitHub code search, the next iteration for search, discovery, and navigation on GitHub.

GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.

Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.

This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.

The end of the year is getting closer, and our communities are busy working away on their projects. While you’ve all been busy maintaining open source projects and shipping releases,…

In November, we experienced one incident resulting in significant impact and degraded state of availability for multiple services.

You can multiply the impact of your domain experts by building their common workflows into ChatOps.

Are you a student in India? Applications are open for the GitHub Externships Winter Cohort!

From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows.

DRY your Actions configuration with reusable workflows (and more!)

GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.

OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.

Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.

The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.