The next step for LGTM.com: GitHub code scanning!

Three years ago, the team that built LGTM.com joined GitHub. From that moment on, we have worked tirelessly to natively integrate its underlying CodeQL analysis technology into GitHub. In 2020, GitHub code scanning was launched in public beta, and later that year it became generally available for everyone. GitHub code scanning is powered by the very...

9h

GitHub Pages now uses Actions by default

As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions. When GitHub Pages was first announced in 2008, we released Jekyll, a rich static site generator, to allow you to build more complex sites. As Jekyll grew in popularity, many different plugins...

5d

New request for comments on improving npm security with Sigstore is now open

As stewards of the npm registry, we take the security of npm seriously and have continued to introduce a number of changes to improve the security and trustworthiness of the registry. We’ve announced a number of changes over the last several months to improve the security of npm, like requiring two-factor authentication, streamlined login, and enhanced...

1w

All GitHub Enterprise users now have access to the security overview

GitHub’s security features empower developers to find and remediate application security risks across both public and private repositories. Until today, visibility into your security risk across your repositories was only available for admins and security managers for organizations with GitHub Advanced Security. Today, we’re expanding access to GitHub’s...

1w

Release Radar · July 2022 Edition

While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of the open source projects that released major version updates this...

2w

Dependabot now alerts for vulnerable GitHub Actions

A well-tuned and secure CI/CD workflow is a critical component for development teams looking to build more and ship fast. GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay...

2w

GitHub Availability Report: July 2022

In July, we experienced one incident that resulted in degraded performance for Codespaces. This report also sheds light into two incidents in June that impacted multiple GitHub.com services. July 27 22:29 UTC (lasting 5 hours and 55 minutes) Our alerting systems detected degraded availability for Codespaces in the US West and East regions during this...

2w

5 simple things you can do with GitHub Packages to level up your workflows

Whether you’re contributing to an open source project, building a personal project, or spinning up the next feature at your 9-to-5 job, finding (or building) the right packages is a core part of any development workflow. Package managers and registries are nothing new. But using one often means integrating one more service into your repository and...

2w

Streamline virtual hackathon events with the new Hackathon in the Cloud Experience

Check out the newest experience addition to the GitHub Global Campus and the Student Developer Pack—Hackathon in the Cloud! Access the best virtual event tools in one place at no cost. Redeem through the GitHub Global Campus Student Developer Pack Are you a Hackathon Organizer? Make managing your virtual hackathon events even easier with the new...

2w

Marketing for maintainers: Promote your project to users and contributors

Congratulations: You’ve pushed your code to GitHub. But if you want other people to benefit from your hard work—or contribute back to the project—you need to get the word out. Not only that, but you need to explain why other people should take the time to learn and potentially contribute to your project. It can be intimidating to go from writing code...

3w