New sponsors-only repositories, custom amounts, and more
Along with the release of sponsors-only repositories, here’s a look at what’s new and what’s next for Sponsors.
Code scanning and Ruby: turning source code into a queryable database
A deep dive into how GitHub adds support for new languages to CodeQL.
Top-100 npm package maintainers now require 2FA, and additional security-focused improvements to npm
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
Dependency graph now supports GitHub Actions
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!
2021 Transparency Report
In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.
Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
Get ready for Campus TV Season 2: 🌱 New Beginnings
Learn new skills, build projects and meet like-minded students with the latest shows from the GitHub Education Stream Team.
Highlights from Git 2.35
The open source Git project just released Git 2.35. Here’s GitHub’s look at some of the most interesting features and changes introduced since last time.
Release Radar · December 2021 Edition
Many of us were wrapping up projects, emails, events, and getting ready for Christmas. While we were all busy getting ready for the festive season, our community was still hard at work shipping open source
Open source creates value, but how do you measure it?
When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration.
Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
How open source is supporting NASA’s new eyes in space
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science.
Top-rated entries from Game Off 2021
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! 🤘🏻
How five open source communities are using GitHub Discussions
From answering questions about a new release to fielding feature requests, here’s how five open source communities use GitHub Discussions.
The Open Source Software Security Summit: securing the world’s code together
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit to share how securing open source begins by empowering developers.
How we ship GitHub Mobile every week
Learn how the GitHub Mobile Team automates their release process with GitHub Actions.
GitHub Availability Report: December 2021
In December, we experienced no incidents resulting in service downtime to our core services.
How the community powers GitHub Advanced Security with CodeQL queries
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
GitHub’s top 10 blog posts of 2021
As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
How GitHub contributed to the Santa Clara Principles update
GitHub was honored to contribute to the Santa Clara Principles on Transparency and Accountability in Content Moderation 2.0.
How to leverage security frameworks and libraries for secure code
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
Getting started with GitHub Actions just got easier!
When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content.
Technical interviews via Codespaces
Codespaces is a great tool for technical hiring exercises and helps level the playing field for candidates.
5 automations every developer should be running
Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.
A brief history of code search at GitHub
This blog post tells the story of why we built a new search engine optimized for code.
Using GitHub’s security features to help identify Log4j exposure in your codebase
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.
How to define security requirements for your OSS project
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
GitHub’s response to Log4j vulnerability CVE-2021-44228
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
What’s new from GitHub Changelog? November 2021 recap
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
GitHub at the UN Internet Governance Forum
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.
Introducing stack graphs
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.
Precise code navigation for Python, and code navigation in pull requests
Code navigation is now available in PRs, and code navigation results for Python are now more precise.
Improving GitHub code search
Today, we are rolling out a technology preview for GitHub code search, the next iteration for search, discovery, and navigation on GitHub.
GitHub Enterprise Server 3.3 is generally available
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
Enrolling all npm publishers in enhanced login verification and next steps for two-factor authentication enforcement
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
Write more secure code with the OWASP Top 10 Proactive Controls
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
Safeguard your containers with new container signing capability in GitHub Actions
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
Release Radar · November 2021 Edition
The end of the year is getting closer, and our communities are busy working away on their projects. While you’ve all been busy maintaining open source projects and shipping releases, we’ve created a new open
GitHub Availability Report: November 2021
In November, we experienced one incident resulting in significant impact and degraded state of availability for multiple services.
Using ChatOps to help Actions on-call engineers
You can multiply the impact of your domain experts by building their common workflows into ChatOps.
GitHub Externships: enabling India’s next generation of developers
Are you a student in India? Applications are open for the GitHub Externships Winter Cohort!
5 DevOps tips to speed up your developer workflow
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows.
GitHub Actions: reusable workflows is generally available
DRY your Actions configuration with reusable workflows (and more!)
Secure deployments with OpenID Connect & GitHub Actions now generally available
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
How to squash bugs by enrolling in OSS-Fuzz
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
The Copyright Office expands your security research rights
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
Accelerate security adoption in your organization
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
In case you missed it, GitHub Education at Universe 2021!
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience.
What’s new from GitHub Changelog? October 2021 recap
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
7 advanced workflow automation features with GitHub Actions
Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account.