Using GitHub’s security features to help identify Log4j exposure in your codebase
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories. ⌘ Read more

How to define security requirements for your OSS project
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how. ⌘ Read more

GitHub’s response to Log4j vulnerability CVE-2021-44228
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228. ⌘ Read more

What’s new from GitHub Changelog? November 2021 recap
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links. ⌘ Read more

GitHub at the UN Internet Governance Forum
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests. ⌘ Read more

fake english word generation for Go and CLI: [[https://github.com/nwtgck/go-fakelish]] #links

a zero dependency shell script that makes it really simple to manage your text notes [[https://github.com/nickjj/notes]] #links

squinewave: a sine-square-saw-pulse oscillator with hardsync: [[https://github.com/required-field/squinewave]] #links

GitHub is the hub of the entire Open Source world?
… ⌘ Read more

Introducing stack graphs
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language. ⌘ Read more

Precise code navigation for Python, and code navigation in pull requests
Code navigation is now available in PRs, and code navigation results for Python are now more precise. ⌘ Read more

Improving GitHub code search
Today, we are rolling out a technology preview for GitHub code search, the next iteration for search, discovery, and navigation on GitHub. ⌘ Read more

GitHub Enterprise Server 3.3 is generally available
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories. ⌘ Read more

Enrolling all npm publishers in enhanced login verification and next steps for two-factor authentication enforcement
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7. ⌘ Read more

Write more secure code with the OWASP Top 10 Proactive Controls
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place. ⌘ Read more

Safeguard your containers with new container signing capability in GitHub Actions
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow. ⌘ Read more

Release Radar · November 2021 Edition
The end of the year is getting closer, and our communities are busy working away on their projects. While you’ve all been busy maintaining open source projects and shipping releases, we’ve created a new open ⌘ Read more

GitHub Availability Report: November 2021
In November, we experienced one incident resulting in significant impact and degraded state of availability for multiple services. ⌘ Read more

Using ChatOps to help Actions on-call engineers
You can multiply the impact of your domain experts by building their common workflows into ChatOps. ⌘ Read more

GitHub Externships: enabling India’s next generation of developers
Are you a student in India? Applications are open for the GitHub Externships Winter Cohort! ⌘ Read more

5 DevOps tips to speed up your developer workflow
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows. ⌘ Read more

GitHub Actions: reusable workflows is generally available
DRY your Actions configuration with reusable workflows (and more!) ⌘ Read more

Lossless Image Compression in O(n) Time
Introducing QOI — the Quite OK Image Format. It losslessly compresses RGB and
RGBA images to a similar size of PNG, while offering a 20x-50x speedup in
compression and 3x-4x speedup in decompression. All single-threaded, no
SIMD. It’s also stupidly simple.

tl;dr: 300 lines of C, single header,
source on github,
benchmark results here.

![QOI compression](/content/a … ⌘ Read more

Secure deployments with OpenID Connect & GitHub Actions now generally available
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens. ⌘ Read more

How to squash bugs by enrolling in OSS-Fuzz
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project. ⌘ Read more

The Copyright Office expands your security research rights
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research. ⌘ Read more

Accelerate security adoption in your organization
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way. ⌘ Read more

In case you missed it, GitHub Education at Universe 2021!
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience. ⌘ Read more

What’s new from GitHub Changelog? October 2021 recap
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more. ⌘ Read more

7 advanced workflow automation features with GitHub Actions
Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account. ⌘ Read more

No on gitlab. If its self hosted gitea is best in class.

I can see hosting a mirror on github if only for the redundancy/visibility. Some projects will host but then direct contributions on their self host. Like Go does.

I would suggest using a vanity domain that can redirect tools like go get to hosting of choice. And not require rewriting all the packages any time it gets moved.

GitHub’s developer-first approach to content moderation
GitHub puts the needs of developers at the core of our content moderation policies. Learn more about our approach and how you can contribute. ⌘ Read more

GraphQL global ID migration update
All newly created GraphQL objects now have IDs that conform to a new format, which we refer to as “next IDs.” Learn how to migrate older IDs to the new format and why we’re making the change. ⌘ Read more

Blue-teaming for Exiv2: adding custom CodeQL queries to code scanning
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base. ⌘ Read more

The 2021 State of the Octoverse
The State of the Octoverse analyzes data from millions of developers & repos to share trends across working habits, productivity, and career satisfaction. ⌘ Read more

GitHub’s commitment to npm ecosystem security
We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm. ⌘ Read more

Highlights from Git 2.34
To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time. ⌘ Read more

Release Radar · October 2021 Edition
What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for Hacktoberfest, with many first-time contributors ⌘ Read more

Highlights from GitHub’s security roadmap at Universe 2021
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned! ⌘ Read more

7 unique software collaboration features in GitHub Discussions
Here are a few ways our teams use GitHub Discussions internally to build community, simplify workflows, and get key insights into our work. ⌘ Read more

Make your monorepo feel small with Git’s sparse index
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo. ⌘ Read more

GitHub Enterprise Server 3.3 enhances CI/CD and adds a new security manager role
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode. ⌘ Read more

Three rules of bug fixing for better OSS security
When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants. ⌘ Read more

GitHub Availability Report: October 2021
In October, we experienced one incident resulting in significant impact and degraded state of availability for the GitHub Codespaces service. ⌘ Read more

10 GitHub Actions resources to bookmark from the basics to CI/CD
Tips on how to get started using GitHub Actions and resources to learn more about making it work for you. ⌘ Read more

Building the next phase of GitHub, together
This morning, I shared the following post with Hubbers in response to Nat’s announcement about his next adventure. I am thrilled to take on the role of CEO to build the next phase of GitHub for our global community of software developers. ⌘ Read more

Thank you, GitHub
This morning, I sent the following post to the GitHub team. TL;DR: I’m moving on to my next adventure, and Thomas Dohmke (currently Chief Product Officer) will be GitHub’s next CEO. ⌘ Read more

On the blog: Artificial Stupidity with GitHub Copilot https://john.colagioia.net/blog/2021/11/03/copilot2.html #programming #techtips

Blue-teaming for Exiv2, part 1: creating a security advisory process
This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project. ⌘ Read more

Game Off 2021 theme announcement
The theme for this year’s Game Off is… …BUG! Your challenge, should you choose to accept it, is to create a game between now and December 1 incorporating the theme somehow, and submit it to ⌘ Read more