ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok
The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software.
Your curated GitHub Universe agenda: AI, ethics, and productivity
Gain actionable insights about the intersection of AI and human skills, while tackling ethics, accessibility, and productivity at these GitHub Universe sessions.
The post Your curated GitHub Universe agenda: AI, ethics, and productivity appeared first on The GitHub Blog. ⌘ Read more
The clock is ticking: Atlassian’s support for Bitbucket Server ends on February 15, 2024
Atlassian is ending support for its Server products—including Bitbucket Server—in February 2024. In this post, you’ll learn what that means for you, your options, and how you can move to GitHub.
The post [The clock is ticking: Atlassian’s support for Bitbucket Server ends on February 15, 2024](https://github.blog/2023-10-17-the-clock-is-ticking-atlassians-support … ⌘ Read more
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
The post [Getting RCE in Chrome with incomplete object initialization in the Maglev compiler](https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the- … ⌘ Read more
Measuring Git performance with OpenTelemetry
Use our new open source Trace2 receiver component and OpenTelemetry to capture and visualize telemetry from your Git commands.
js13kGames 2023 winners 🏆
The twelfth annual js13kGames coding competition, challenging participants to create games in 13kB or less of JavaScript in a month, just wrapped up. This post highlights the top thirteen entries.
Ensuring the next generation of open source leaders are truly “all in”
If you are a student from a U.S. minority-serving institution looking to start your journey into open source, join us!
GitHub Availability Report: September 2023
In September, we experienced two incidents that resulted in degraded performance across GitHub services.
Enforcing code reliability by requiring workflows with GitHub Repository Rules
GitHub Enterprise Cloud customers can now ensure controlled workflows run and pass before code is merged into any of its repositories.
Research: Quantifying GitHub Copilot’s impact on code quality
Findings show that code quality is better across the board and developers felt more confident, too.
Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.
Prompting GitHub Copilot Chat to become your personal AI assistant for accessibility
GitHub Copilot Chat can help you learn about accessibility and improve the accessibility of your code. In this blog, we share a sample foundational prompt that instructs GitHub Copilot Chat to become your personal AI assistant for accessibility.
The post [Prompting GitHub Copilot Chat to become your personal AI assistant for accessibility](https://github.blog/2023-10- … ⌘ Read more
Skilling African developers through All In Africa
All In Africa is a gateway to growth, learning, and meaningful connections within the African open source ecosystem and beyond.
A developer’s guide to open source LLMs and generative AI
Open source generative AI projects are a great way to build new AI-powered features and apps.
How to communicate like a GitHub engineer: our principles, practices, and tools
Learn more about how we use GitHub to build GitHub, how we turned our guiding communications principles into prescriptive practices to manage our internal communications signal-to-noise ratio, and how you can contribute to the ongoing conversation.
The post [How to communicate like a GitHub engineer: our principles, practices, and tools](https://github.blog/2023-10-04-how-to-commu … ⌘ Read more
Introducing secret scanning validity checks for major cloud services
Secret scanning now performs validity checks for select AWS, Microsoft, Google, and Slack tokens.
Sponsors is expanding
GitHub Sponsors has partnered with Patreon. We’re also expanding to new regions.
3 strategies to expand your threat model and secure your supply chain
How to get the security basics right at your organization.
Cybersecurity spotlight on bug bounty researcher @inspector-ambitious
For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
The post [Cybersecurity spotlight on bug bounty researcher @inspector-ambitious](https://github.blog/2023-10-02-cybersecurity-spotlight-on-bug-bounty-researcher-inspector-a … ⌘ Read more
Introducing the new, Apple silicon powered M1 macOS larger runner for GitHub Actions
Speed up your GitHub Actions jobs on macOS with all new, faster Apple silicon powered M1 macOS larger runner for arm64.
Game Bytes · September 2023
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
GitHub Learning Pathways: Learn from the best
Gain expertise and insights from top organizations through guided tutorials, boosting productivity, enhancing security, and enabling seamless collaboration.
How I used GitHub Copilot Chat to build a ReactJS gallery prototype
GitHub Copilot Chat can help developers create prototypes, understand code, make UI changes, troubleshoot errors, make code more accessible, and generate unit tests.
How GitHub uses GitHub Actions and Actions larger runners to build and test GitHub.com
Recently, we’ve been working to make our CI experience better by leveraging the newly released GitHub feature, Actions larger runners, to run our CI.
The post [How GitHub uses GitHub Actions and Actions larger runners to build and test GitHub.com](https://github.blog/2023-09-26-how-github-uses-github-actions-and-actions-larger-runners-to-build-and-test-github-com/ … ⌘ Read more
Your ultimate guide to the GitHub Universe ‘23 agenda
Get a sneak peek into the must-attend sessions, speakers, workshops, and GitHub certifications available at our global developer event.
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Calling all teachers! Learn how to build new commands on the GitHub Classroom CLI
In this step-by-step tutorial, we’ll dive into how you can become the next open source contributor to the GitHub Classroom CLI, building commands that you can use to improve your workflow as an educator!
The post [Calling all teachers! Learn how to build new commands on the GitHub Classroom CLI](https://github.blog/2023-09-25-calling-all-teachers-learn-how-to-build-new-comma … ⌘ Read more
The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!
The post [The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects](https://github.blog/2023-09-21-the-github-s … ⌘ Read more
Passkeys are generally available
All GitHub.com users can now register a passkey to sign in without a password.
Announcing the GitHub Innovation Graph
Explore a universe of data about how the world is building software together on GitHub.
GitHub Copilot Chat beta now available for all individuals
All GitHub Copilot for Individuals users now have access to GitHub Copilot Chat beta, bringing natural language-powered coding to every developer in all languages.
Introducing Learning Paths on Global Campus
Guiding student developers through skill building foundations, a building block in their learning journey with GitHub Education.
Announcing general availability of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.
The post [Announcing general availability of GitHub Advanced Security for Azure DevOps](https://github.blog/2023-09-20-announcing-general-availability-of-github-advanced-security-for- … ⌘ Read more
Switching from Bitbucket Server and Bamboo to GitHub just got easier
Starting today, GitHub Enterprise Importer supports repository migrations from Bitbucket Server and Bitbucket Data Center, and GitHub Actions Importer offers CI/CD migrations from Bitbucket and Bamboo.
Introducing auto-triage rules for Dependabot
Make quick work of alerts with preset and custom rules.
GitHub Availability Report: August 2023
In August, we experienced two incidents that resulted in degraded performance across GitHub services.
Apply now for GitHub Universe 2023 micro-mentoring
As part of our ongoing commitment to accelerate human progress through Social Impact initiatives, we’re offering students 30-minute, 1:1 micro-mentoring sessions with GitHub employees ahead of Universe.
CodeQL team uses AI to power vulnerability detection in code
Learn how GitHub’s CodeQL leveraged AI modeling and multi-repository variant analysis to discover a new CVE in Gradle.
How to build an enterprise LLM application: Lessons from GitHub Copilot
The team behind GitHub Copilot shares its lessons for building an LLM app that delivers value to both individuals and enterprise users at scale.
Getting started with edge computing
Edge computing practitioners answer your questions about when and why to build applications at the edge.
How GitHub reduces costs with upgraded Codespaces
See how much more you can get out of GitHub Codespaces by taking advantage of the improved processing power and increased headroom the RAM provides.
Why Rust is the most admired language among developers
Rust continues to top the charts as the most admired and desired language by developers, and in this post, we dive a little deeper into how (and why) Rust is stealing the hearts of developers around the world.
GitHub Enterprise Server 3.10 is now generally available
Customers using GHES can now ensure secure development is a top priority with enhanced security and compliance controls for their repositories.
10 things you didn’t know you could do with GitHub Projects
Learn how to optimize your usage of GitHub Projects to plan and track your work from idea to production.
Game Bytes · August 2023
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
A faster way to manage version updates with Dependabot
Now, you can group multiple version updates in a single pull request.
Unleashing GitHub Codespaces templates to ignite your development
Learn how to leverage templating features in GitHub Codespaces to streamline your project setup, improve consistency, and simplify collaboration within your development team.
AI-powered impact: GitHub Social Impact’s year ahead
How GitHub Social Impact is working with nonprofit organizations, employees, and more to create positive, lasting change in global communities.
Highlights from Git 2.42
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.42.
mTLS: When certificate authentication is done wrong
In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.