GitHub security update: revoking weakly-generated SSH keys
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client - GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys. ⌘ Read more
Release Radar · September 2021 Edition
The Northern Hemisphere has hit fall, and the southern is starting to warm into summer. September has been a busy time for our community. Maintainers have been getting their repositories ready for Hacktoberfest, joining us ⌘ Read more
GitHub’s guide to Hacktoberfest 2021
Giving back to open source projects is a great way to practice skills you don’t get to use in your day job. Check out ways to get involved! ⌘ Read more
GitHub Advisory Database now powers npm audit
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database. ⌘ Read more
GitHub Availability Report: September 2021
In September, we experienced no incidents resulting in service downtime to our core services. ⌘ Read more
13 tiny and terrific entries from the js13kGames competition
If you think about it, 13kB isn’t really a lot. The image above is 81kB. This page weighs over 3MB (waaay more if you include the videos). That’s why it’s so incredibly impressive that the ⌘ Read more
A new public beta of GitHub Releases: How we’re improving the release experience
GitHub Releases has a new look and updated tools to make it easier for open source communities to create and share high-quality releases with auto-generated release notes. ⌘ Read more
Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program. ⌘ Read more
Enterprise managed users are now generally available for GitHub Enterprise Cloud
Manage your company in the cloud with more control and governance using enterprise managed users. ⌘ Read more
GitHub Enterprise Server 3.2 is now generally available
Today, we’re excited to announce that GitHub Enterprise Server 3.2 is generally available. This release brings over 70 new features and changes that improve developer experience and deliver new security capabilities. ⌘ Read more
Revised enterprise DPA with new standard contractual clauses
As part of GitHub’s strong commitment to developer privacy, we are excited to announce updates to our privacy agreements in line with new legal requirements and our own robust data protection practices. ⌘ Read more
Partitioning GitHub’s relational databases to handle scale
In 2019, to meet GitHub’s growth and availability challenges, we set a plan in motion to improve our tooling and ability to partition relational databases. ⌘ Read more
Nocode app ⛏️ | A free nocode app for data exploration, by Clément Levallois
Interesting piece of code here, gonna try it soon.. ⌘ Read more
Announcing npm’s new access token format
npm access tokens will now follow the established format of GitHub authentication tokens. ⌘ Read more
GitHub Advisory Database now supports Rust
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem! ⌘ Read more
CPAN installation as a test, with GitHub workflow ⌘ Read more
using this as the service: https://github.com/JonLundy/sshfwd
Audit log streaming is now in public beta
If you’re a GitHub Enterprise Cloud customer, you can now set up a stream of audit log and Git events to Splunk or an Azure Event Hub. ⌘ Read more
The ReadME Project: A look back at the community stories that shape us
In August of 2020, we started highlighting stories that showcase how developers, maintainers, and organizations are moving humanity forward through The ReadME Project. ⌘ Read more
What’s new from GitHub Changelog? August 2021 Recap
What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis. ⌘ Read more
Announcing recipients of the GitHub Open Source Grants and GitHub Sponsors now open in India
Announcing recipients of the GitHub Open Source Grants and opening of GitHub Sponsors in India. ⌘ Read more
Git vs. GitHub: What’s the Difference? ⌘ Read more
GitHub Enterprise Server 3.2 brings new color modes and added security capabilities
GitHub Enterprise Server 3.2 is available today as a release candidate. With this release, we’re shipping over 70 new features and changes to improve the developer experience and deliver new security capabilities for our customers. ⌘ Read more
An analysis on developer-security researcher interactions in the vulnerability disclosure process
We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here’s what we found. ⌘ Read more
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist. ⌘ Read more
https://github.com/chrisdone/elisp-guide elisp emacs
Increasing developer happiness with GitHub code scanning
How GitHub uses code scanning to increase developer happiness, and how you can too. ⌘ Read more
Release Radar · August 2021 Edition
The end of financial year is complete, tax time is over, and everyone is back to shipping awesome projects. During August, our community has been super busy shipping lots of new updates. These new releases ⌘ Read more
Introducing the MLH Fellowship: GitHub Externship Track
Applications are now open for the MLH Fellowship: GitHub Externship Track. Apply by September 13. ⌘ Read more
GitHub Availability Report: August 2021
In August, we experienced two distinct incidents resulting in significant impact and degraded state of availability for Git operations, API requests, webhooks, issues, pull requests, GitHub Pages, GitHub Packages, and GitHub Actions services. ⌘ Read more
Improving Git protocol security on GitHub
We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline. ⌘ Read more
Introducing GitHub Global Campus
Calling all students! Get the most out of your GitHub Education experience by joining the GitHub student community on our new digital campus. ⌘ Read more
Vague infringement allegations considered harmful
Ensuring that software copyright allegations are specific and actionable benefits the entire developer ecosystem. That’s why GitHub submitted a “friend of the court” brief in the SAS Institute, Inc. v. World Programming Ltd. case before a Federal Court of Appeals. ⌘ Read more
Request for proposals: Defining standardized GitHub metrics
The GitHub Social Impact and Policy teams are issuing a Request for Proposal (RFP) for a researcher to define a list of publicly available GitHub platform usage metrics by country for international development, public policy and economics disciplines. ⌘ Read more
@niplav@niplav.github.io bigwor~1
30 free and open source Linux games – part 3
With Linux celebrating it’s 30 year anniversary, I thought I’d use that as an excuse to highlight 30 of my favorite free and open source Linux games, their communities, and their stories. If you’ve haven’t ⌘ Read more
Always set light to zero when propagating decrease ⌘ Read more
30 free and open source Linux games – part 2
Linux is celebrating its 30-year anniversary, so I’m taking the opportunity to highlight 30 of my favorite free and open source Linux games, their communities, and their stories. I shared the first 10 yesterday. ⌘ Read more
2021 Transparency Report: January to June
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats. ⌘ Read more
GitHub CLI 2.0 includes extensions!
GitHub CLI 2.0 is now available, making it easy to create and share your own custom commands to make your experience even more powerful. ⌘ Read more
The npm registry is deprecating TLS 1.0 and TLS 1.1
Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher. ⌘ Read more
In reply to: GitHub - hoppecl/jamlang0001
A small dynamically typed programming language with first-class comments, where every value is explained by a comment. ⌘ Read more
Just found Jam where you are creating a programming language in 48 hours (starts in 1 hour) - https://github.com/langjam/langjam/
Just found Jam where you are creating a programming language in 48 hours (starts in 1 hour) - https://github.com/langjam/langjam/
Enhanced support for citations on GitHub
We’re excited to support researchers and academics on GitHub with enhanced citation support through `CITATION.cff` files. ⌘ Read more
GitHub Discussions is out of beta
GitHub Discussions is now out of beta, with features that include labels, Discussions GraphQL API and webhooks, and mobile functionality. ⌘ Read more
Highlights from Git 2.33
The open source Git project just released Git 2.33 with features and bug fixes from over 74 contributors, 19 of them new. We last caught up with you on the latest in Git when 2.31 ⌘ Read more
Securing your GitHub account with two-factor authentication
The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub. ⌘ Read more