GitHub Availability Report: February 2025
In February, we experienced two incidents that resulted in degraded performance across GitHub services.

The post GitHub Availability Report: February 2025 appeared first on The GitHub Blog. ⌘ Read more

Why Java endures: The foundation of modern enterprise development
For 30 years, Java has been a cornerstone of enterprise software development. Here’s why—and how to learn Java.

The post Why Java endures: The foundation of modern enterprise development appeared first on The GitHub Blog. ⌘ Read more

Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.

The post Full exposure: A practical approach to handling sensitive data leaks appeared first on [The GitHu … ⌘ Read more

Four steps toward building an open source community
Three maintainers talk about how they fostered their open source communities.

The post Four steps toward building an open source community appeared first on The GitHub Blog. ⌘ Read more

Video: How to run dependency audits with GitHub Copilot
Learn to automate dependency management using GitHub Copilot, GitHub Actions, and Dependabot to eliminate manual checks, improve security, and save time for what really matters.

The post Video: How to run dependency audits with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

Not just for developers: How product and security teams can use GitHub Copilot
GitHub Copilot isn’t just for developers! Discover how product managers, security professionals, scrum masters, and more use GitHub Copilot to streamline tasks, automate workflows, and boost productivity across teams.

The post [Not just for developers: How product and security teams can use GitHub Copilot](https://github.blog/ai-and-ml/github-copilot/not-just-for-dev … ⌘ Read more

Finding leaked passwords with AI: How we built Copilot secret scanning
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.

The post [Finding leaked passwords with AI: How we built Copilot secret scanning](https … ⌘ Read more

GitHub for Beginners: How to get started with GitHub Copilot
Get started with GitHub Copilot and navigate features like Copilot Chat in this installment of the GitHub for Beginners series.

The post GitHub for Beginners: How to get started with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

Community managers in action: Leading a developer community for good
GitHub’s Digital Public Goods Open Source Community Manager Program just wrapped up a second successful year, helping Community Managers gain experience in using open source for good.

The post Community managers in action: Leading a developer community for good appeared … ⌘ Read more

How to debug code with GitHub Copilot
GitHub Copilot can streamline your debugging process by troubleshooting in your IDE, analyzing pull requests, and more, helping you tackle issues faster and more robustly.

The post How to debug code with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

Engaging with the developer community on our approach to content moderation
We share the full year 2024 data update on our Transparency Center and highlight how developers can engage with us on our site policies and content moderation.

The post [Engaging with the developer community on our approach to content moderation](https://github.blog/news-insights/policy-news-and-insights/engaging-with-the-developer-community-on-our-approach- … ⌘ Read more

Support the open source projects you love this Valentine’s Day
Show your appreciation to the open-source projects you love. You can help provide much-needed support to the critical but often underfunded projects that keep your infrastructure running smoothly. And remember—every day is a perfect day to support open source! 💖

The post [Support the open source projects you love this Valentine’s Day](https://github.blog/open-source/support-the-open-source-projects-you-love-thi … ⌘ Read more

GitHub Availability Report: January 2025
In January, we experienced two incidents that resulted in degraded performance across GitHub services.

The post GitHub Availability Report: January 2025 appeared first on The GitHub Blog. ⌘ Read more

How GitHub uses CodeQL to secure GitHub
How GitHub’s Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.

The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog. ⌘ Read more

How to refactor code with GitHub Copilot
Discover how to use GitHub Copilot to refactor your code and see samples of it in action.

The post How to refactor code with GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.

The post [From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA](https://github.blog/security/from-finding-to-fixing-github-advanced-security-integrates … ⌘ Read more

GitHub Copilot: The agent awakens
Introducing agent mode for GitHub Copilot in VS Code, announcing the general availability of Copilot Edits, and providing a first look at our SWE agent.

The post GitHub Copilot: The agent awakens appeared first on The GitHub Blog. ⌘ Read more

5 tips for promoting your open source project
Three open source experts offer their advice on sharing open source projects with the world.

The post 5 tips for promoting your open source project appeared first on The GitHub Blog. ⌘ Read more

4 steps to building a natural language search tool
Empowering humanitarian action with open source: A natural language search tool for UN Resolutions.

The post 4 steps to building a natural language search tool appeared first on The GitHub Blog. ⌘ Read more

Cybersecurity researchers: Digital detectives in a connected world
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.

The post Cybersecurity researchers: Digital detectives in a connected world appeared first … ⌘ Read more

Considerations for making a tree view component accessible
A deep dive on the work that went into making the component that powers repository and pull request file trees.

The post Considerations for making a tree view component accessible appeared first on The GitHub Blog. ⌘ Read more

Open source AI is already finding its way into production
Open source AI models are in widespread use, enabling developers around the world to build custom AI solutions and host them where they choose.

The post Open source AI is already finding its way into production appeared first on The GitHub Blog. ⌘ Read more

New to open source? Here’s everything you need to get started
Explore our simple guide to finding projects, understanding guidelines, and making an impact.

The post New to open source? Here’s everything you need to get started appeared first on The GitHub Blog. ⌘ Read more

That’s a wrap: GitHub Innovation Graph in 2024
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 & Q3 2024 data for the Innovation Graph.

The post That’s a wrap: GitHub Innovation Graph in 2024 appeared first on The GitHub Blog. ⌘ Read more

Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.

The post Attacks on Maven proxy repositories appeared first on The GitHub Blog. ⌘ Read more

Modernizing legacy code with GitHub Copilot: Tips and examples
Learn how to modernize legacy code with GitHub Copilot with real-world examples.

The post Modernizing legacy code with GitHub Copilot: Tips and examples appeared first on The GitHub Blog. ⌘ Read more

Seven years of open source: A more secure and diverse ecosystem
Explore insights into open source community growth, innovation, and inclusivity with an updated survey dataset.

The post Seven years of open source: A more secure and diverse ecosystem appeared first on The GitHub Blog. ⌘ Read more

How we evaluate models for GitHub Copilot
We share some of the GitHub Copilot team’s experience evaluating AI models, with a focus on our offline evaluations—the tests we run before making any change to our production environment.

The post How we evaluate models for GitHub Copilot appeared first on The GitHub Blog. ⌘ Read more

Supporting the next generation of developers
Here’s your opportunity to empower the teen in your life to get a start in open source development.

The post Supporting the next generation of developers appeared first on The GitHub Blog. ⌘ Read more

GitHub Availability Report: December 2024
In December, we experienced two incidents that resulted in degraded performance across GitHub services.

The post GitHub Availability Report: December 2024 appeared first on The GitHub Blog. ⌘ Read more

Documenting and explaining legacy code with GitHub Copilot: Tips and examples
Learn how to document and explain legacy code with GitHub Copilot with real-world examples.

The post Documenting and explaining legacy code with GitHub Copilot: Tips and examples appeared first on The GitHub Blog. ⌘ Read more

How we built the GitHub Skyline CLI extension using GitHub
GitHub uses GitHub to build GitHub, and our CLI extensions are no exception. Read on to find out how we built the GitHub Skyline CLI extension using GitHub!

The post How we built the GitHub Skyline CLI extension using GitHub appeared first on [The GitHub Blog](https:/ … ⌘ Read more

Git security vulnerabilities announced
A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.

The post Git security vulnerabilities announced appeared first on The GitHub Blog. ⌘ Read more

Game Off 2024 winners
Secrets spilled, discovered, and hidden again—Game Off 2024 brought over 500 jaw-dropping submissions that redefined creativity in gaming. From cult quests for free furniture to spellbinding mysteries, these games will have you hooked. Ready to uncover the winners?!?

The post Game Off 2024 winners appeared first on The GitHub Blog. ⌘ Read more

Highlights from Git 2.48
The open source Git project just released Git 2.48. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.

The post Highlights from Git 2.48 appeared first on The GitHub Blog. ⌘ Read more

How to secure your GitHub Actions workflows with CodeQL
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.

The post How to secure your GitHub Actions workflows with CodeQL a … ⌘ Read more

How to use GitHub Copilot: What it can do and real-world examples
Real-world examples show you how Copilot can generate unit tests, refactor code, create documentation, perform multi-file edits, and much more

The post How to use GitHub Copilot: What it can do and real-world examples appeared first on The GitHub Blog. ⌘ Read more

Building LATAM’s future tech workforce with AI
Git Commit 2024 and our new AI course in Spanish

The post Building LATAM’s future tech workforce with AI appeared first on The GitHub Blog. ⌘ Read more

GitHub’s top blogs of 2024
Explore GitHub’s top blogs of 2024, featuring new tools, AI breakthroughs, and tips to level up your developer game.

The post GitHub’s top blogs of 2024 appeared first on The GitHub Blog. ⌘ Read more

Announcing CodeQL Community Packs
We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…

The post Announcing CodeQL Community Packs appeared first on The GitHub Blog. ⌘ Read more

How researchers are studying the impact of GitHub Copilot on the nature of work for open source maintainers
An interview with economic researchers analyzing the causal effect of GitHub Copilot on how open source maintainers work.

The post [How researchers are studying the impact of GitHub Copilot on the nature of work for open source maintainers](https://github.blog/news-insights/policy-news-and-insig … ⌘ Read more

OpenAI’s latest o1 model now available in GitHub Copilot and GitHub Models
The December 17 release of OpenAI’s o1 model is now available in GitHub Copilot and GitHub Models, bringing advanced coding capabilities to your workflows.

The post OpenAI’s latest o1 model now available in GitHub Copilot and GitHub Models appeared first on The GitHub Blog. ⌘ Read more

Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations
Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.

The post [Enhance build security and reach SLSA Level 3 with GitHub Artifact Attest … ⌘ Read more

Introducing Annotated Logger: A Python package to aid in adding metadata to logs
We’re open sourcing Annotated Logger, a Python package that helps make logs searchable with consistent metadata.

The post [Introducing Annotated Logger: A Python package to aid in adding metadata to logs](https://github.blog/developer-skills/programming-languages-and-frameworks/introducing-annotated-logger-a-python-package-to-aid-in-a … ⌘ Read more

Announcing 150M developers and a new free tier for GitHub Copilot in VS Code
Come and join 150M developers on GitHub that can now code with Copilot for free in VS Code.

The post Announcing 150M developers and a new free tier for GitHub Copilot in VS Code appeared first on The GitHub Blog. ⌘ Read more

Uncovering GStreamer secrets
In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.

The post Uncovering GStreamer secrets appeared first on The GitHub Blog. ⌘ Read more

GitHub Availability Report: November 2024
In November, we experienced one incident that resulted in degraded performance across GitHub services.

The post GitHub Availability Report: November 2024 appeared first on The GitHub Blog. ⌘ Read more

So many tokens, so little time: Introducing a faster, more flexible byte-pair tokenizer
We released a new open source byte-pair tokenizer that is faster and more flexible than popular alternatives.

The post So many tokens, so little time: Introducing a faster, more flexible byte-pair tokenizer appeared first on [The GitHub Bl … ⌘ Read more

CodeQL zero to hero part 4: Gradio framework case study
Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

The post CodeQL zero to hero part 4: Gradio framework case study appeared first on The GitHub Blog. ⌘ Read more

What the EU’s new software legislation means for developers
The EU Cyber Resilience Act will introduce new cybersecurity requirements for software released in the EU. Learn what it means for your open source projects and what GitHub is doing to ensure the law will be a net win for open source maintainers.

The post [What the EU’s new software legislation means for developers](https://github.blog/open-source/maintainers/what-the-eus-new-software-legislation-means-fo … ⌘ Read more