The latest blogs from GitHub

GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.

OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.

Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.

The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.

A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience.

A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.

Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account.

In this post, I’ll use three bugs that I reported to Qualcomm in the NPU (neural processing unit) driver to gain arbitrary kernel code execution as root user and disable SELinux from the untrusted app sandbox in an Android phone.

GitHub puts the needs of developers at the core of our content moderation policies. Learn more about our approach and how you can contribute.

All newly created GraphQL objects now have IDs that conform to a new format, which we refer to as “next IDs.” Learn how to migrate older IDs to the new format and why we’re making the change.

The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.

The State of the Octoverse analyzes data from millions of developers & repos to share trends across working habits, productivity, and career satisfaction.

We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.

To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time.

What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for…

During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!

Here are a few ways our teams use GitHub Discussions internally to build community, simplify workflows, and get key insights into our work.

The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.

This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.

When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.

In October, we experienced one incident resulting in significant impact and degraded state of availability for the GitHub Codespaces service.