How to secure your GitHub Actions workflows with CodeQL
In the last few months, we secured more than 75 GitHub Actions workflows in open source projects, disclosing more than 90 different vulnerabilities. Out of this research, we produced new support for...

Highlights from Git 2.48
The open source Git project just released Git 2.48 with features and bug fixes from over 93 contributors, 35 of them new. We last caught up with you on the latest in Git back when 2.47 was released....

Game Off 2024 winners
Another year, another incredible GitHub Game Off—and this one was secrets-ational! With over 500 submissions, participants turned the theme of “secrets” into an extraordinary showcase of creativity,...

Git security vulnerabilities announced
Today, the Git project released new versions to address a pair of security vulnerabilities, CVE-2024-50349 and CVE-2024-52006, that affect all prior versions of Git. CVE-2024-50349 When Git needs to...

How we built the GitHub Skyline CLI extension using GitHub
In December 2024, we announced gh-skyline, a GitHub CLI extension that allows our developer community to generate a 3D version of their GitHub Contribution Graph into an STL file ready for printing on...

Documenting and explaining legacy code with GitHub Copilot: Tips and examples
Why did the developer bring a flashlight to the legacy codebase? Because every time they tried to refactor it, they found more bugs hiding in the dark corners. The thing is, working with legacy code...

GitHub Availability Report: December 2024
In December, we experienced two incidents that resulted in degraded performance across GitHub services. December 17 14:17 UTC (lasting 17 minutes) On December 17, 2024, between 14:33 UTC and 14:50...

Supporting the next generation of developers
We believe that software is at the center of human progress and that all software builds on the work of others, especially open source, through an interconnected community of developers. We need to...

How we evaluate AI models and LLMs for GitHub Copilot
There are so many AI models to choose from these days. From the proprietary foundation models of OpenAI, Google, and Anthropic to the smaller, more open options from the likes of Meta and Mistral....

Seven years of open source: A more secure and diverse ecosystem
Seven years ago, we surveyed 5,500 open source contributors to understand the people who use, build, and maintain open source software. This year, we repeated the effort to understand how the open...

Modernizing legacy code with GitHub Copilot: Tips and examples
Let’s talk about legacy code—you know, the code that’s old enough to drive and definitely old enough to haunt your dreams. Maybe it’s a sprawling COBOL system or an early version of C++ written back...

Attacks on Maven proxy repositories
As someone who’s been breaking the security of Java applications for many years, I was always curious about the supply chain attacks on Java libraries. In 2019, I accidentally discovered an arbitrary...

That’s a wrap: GitHub Innovation Graph in 2024
This is our first GitHub Innovation Graph data release in 2025 and our first data release after celebrating the Innovation Graph’s first birthday, so we’d like to reflect a bit on how things have gone...

New to open source? Here’s everything you need to get started
So, you’ve heard about open source. You know it’s a great way to learn new skills, build up your resume, and give back to the developer community—but maybe you’re not sure where to begin. Getting...

Open source AI is already finding its way into production
Open source has long driven innovation and the adoption of cutting-edge technologies, from web interfaces to cloud-native computing. The same is true in the burgeoning field of open source artificial...

Considerations for making a tree view component accessible
Tree views are a core part of the GitHub experience. You’ve encountered one if you’ve ever navigated through a repository’s file structure or reviewed a pull request. On GitHub, a tree view is the...

Cybersecurity researchers: Digital detectives in a connected world
Have you ever considered yourself a detective at heart? Cybersecurity researchers are digital detectives, uncovering vulnerabilities before malicious actors exploit them. To succeed, they adopt the...

4 steps to building a natural language search tool
“We have a problem. Our current search method for sifting through PDFs is extremely manual and time consuming. Is there an easier way?” As a developer, this is one of those questions that really gets...

5 tips for promoting your open source project
After months or years of hard work, you’ve just pushed your open source project to GitHub and made it public. Now it’s time to tell the world about it. Chances are you’d rather spend time writing code...

GitHub Copilot: The agent awakens
When we introduced GitHub Copilot back in 2021, we had a clear goal: to make developers’ lives easier with an AI pair programmer that helps them write better code. The name reflects our belief that...