Updates, ideas, and inspiration from GitHub to help developers build and design software.
Bypassing OGNL sandboxes for fun and charities
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.

Setting the foundations for compliance
Laying the groundwork for developer-enabled compliance.

100 million developers and counting
There are now 100 million developers around the world using GitHub. Here’s what this means—and why it’s just the beginning.

Introducing the GitHub Bug Bounty swag store
We're excited to share the newest addition to our GitHub Bug Bounty Program!

Pwning the all Google phone with a non-Google bug
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnerability to gain arbitrary kernel code execution and root on a Pixel 6 from an Android app.

Unpacking the value of open source and code collaboration
We’re more excited than ever about what the future holds and the role open source will continue to play in solving critical societal challenges.

Sunsetting Subversion support
On January 8, 2024, GitHub will remove support for Subversion.

Bringing GitHub Actions to GitHub Mobile
How to tap into the power of GitHub Actions from anywhere with GitHub Mobile!

How GitHub coordinates product releases with GitHub Projects and GitHub Actions
When teams work cross-functionally, good things happen. See how our teams use GitHub Projects to coordinate and ship new products and features.

Remediation made simple: Introducing new validity checks for GitHub tokens
GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.

Dependabot alerts are now visible to more developers
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.

Git security vulnerabilities announced
Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.

3 common DevOps antipatterns and cloud native strategies that can help
Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.

Game Off 2022 winners 🏆
All of the winners and some of the best games from Game Off 2022.

New GitHub CLI extension tools
Support for GitHub CLI extensions has been expanded with new authorship tools and more ways to discover and install custom commands. Learn how to write powerful extensions in Go and find new commands to install.

A smarter, quieter Dependabot
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.

Passwordless deployments to the cloud
Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).

Introducing required workflows and configuration variables to GitHub Actions
Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.

GitHub Discussions just got better with Category Forms!
Category Forms allow maintainers to create templates for their GitHub Discussions, which means that users can start new discussions with all the necessary information already included.