npm security update: Attack campaign using stolen OAuth tokens
npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.
How we use Dependabot to secure GitHub
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.
How we’re using projects to build projects
At GitHub we use GitHub to build our own products, and the new projects experience is no different. Check out how our team uses projects to build powerful project planning for developers.
Enhanced 2FA experience for your npm account
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
Software security starts with the developer: Securing developer accounts with 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Best practices to keep your projects secure on GitHub
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
Latest posts
Improved REST API documentation
We’re excited to announce some big improvements to our REST API documentation. We know developers rely on this documentation to integrate with GitHub, and we are committed to making it trustworthy, easy to find, and easy to use.
GitHub Sponsors launches in India
GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away!
Eight years of the GitHub Security Bug Bounty program
It was another record year for our Security Bug Bounty program. We're excited to highlight some achievements we’ve made together with the bounty community from 2021!
Release Radar · April 2022 Edition
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…
Engineering
GitHub Availability Report: April 2022
In April, we experienced three distinct incidents resulting in significant impact and degraded state of availability for Codespaces and GitHub Packages.
Being friendly: Strategies for friendly fork management
This is the second and final post in a series describing friendly forks and alternative strategies for managing them.
Community
Open Source Monthly - May 2022 Edition
Open Sauced, GitHub's Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series, Open Source Monthly, will add to these efforts by helping: First-time contributors…
20 of our favorite games + source code from Ludum Dare 50
20 of our favorite games plus source code from the latest Ludum Dare competition.
Trending stories
GitHub is now free for teams
Every developer and team can now get private repositories with unlimited collaborators at no cost with GitHub Free, and we reduced prices for some of our paid plans.
How to build a CI/CD pipeline with GitHub Actions in four simple steps
A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it.
Getting started with project planning on GitHub
Stop context switching. Keep your team’s project planning next to your code.
Our response to the war in Ukraine
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
5 automations every developer should be running
Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one's for you.
Product
Action needed by GitHub Connect customers using GHES 3.1 and older to adopt new authentication token format updates
Upgrade to GHES 3.2 or newer by June 3rd to continue using GitHub Connect.
Math support in Markdown
Mathematical expressions are key to information sharing amongst engineers, scientists, data scientists, and mathematicians. Today we are pleased to announce that math expressions can be rendered in Markdown on GitHub using $$ as a delimiter for code blocks with math content or the $ delimiter for inline math expressions.
How we’re continuing to enable all developers to build
Learn about what GitHub is doing to make their products more inclusive, and what’s next.
You can now output and group custom Markdown content on the Actions run summary page.
Security
GitHub Achieves ISO/IEC 27001:2013 Certification!
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.
Today’s most common security vulnerabilities explained
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
Enterprise
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
How to measure innersource across your organization
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization.
Education
This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward. We are honored to…
Prepare for next semester with GitHub Global Campus and Codespaces
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom!
Career tips for beginner developers
Advice on fundamentals, picking languages to learn, social media presence, interviewing, and more
Policy
2021 Transparency Report
In GitHub's latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.
Open source creates value, but how do you measure it?
When digital infrastructure is overlooked by governments, it isn't just a missed opportunity: policies may inadvertently endanger open source collaboration.
Company
GitHub Desktop 3.0 brings better integration for your pull requests
GitHub Desktop 3.0 brings better integration with your GitHub Pull Requests. You can now receive real time notifications and review the status of your check runs for your pull request.
Git security vulnerability announced
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.