Tag github

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers.

Researchers from Purdue and NCSU have found a large number of command injection vulnerabilities in the workflows of projects on GitHub. Follow these four tips to keep your GitHub Actions workflows secure.

GitHub switched to performing merges and rebases using merge-ort. Come behind the scenes to see why and how we made this change.

GitHub recently experienced several availability incidents, both long running and shorter duration. We have since mitigated these incidents and all systems are now operating normally. Read on for more details about what caused these incidents and what we’re doing to mitigate in the future.

A few thoughts on GitHub&rsquo;s practice of keeping their code synchronized with Rails <code>main</code>.

Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily. We deploy as often as 20 times a day, and nearly every week one of those deploys is a Rails upgrade. Upgrading Rails weekly Every […]

Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside policies, for a well-governed experience with GitHub Actions.

I've been using GitHub since I was eleven years old. To be fair, I didn't really understand git at the time, but I was able to fumble my way through it...

GitHub Actions has supported using OIDC tokens for about 15 months now. It is a much better of providing AWS credentials to workflows than creating IAM users and storing long-lived access keys in GitHub Actions secrets.

Attached: 1 image https://github-contributions.vercel.app/ Is really neat - renders a single image with your entire GitHub contribution history, mine goes all the way back to 2008!

The GitHub CODEOWNERS file validator. Contribute to mszostok/codeowners-validator development by creating an account on GitHub.

this new github font is ace

We’re introducing calendar-based versioning for our REST API, so we can keep evolving our API, whilst still giving integrators a smooth migration path and plenty of time to update their integrations.

See what we're building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.

:bird: A GitHub action to tweet from a repository. Contribute to twitter-together/action development by creating an account on GitHub.

The other day someone claimed a hostname on a domain I own and it took me a while to track down how. After a lot of digging around, trying to figure out how the hijack was accomplished, it turns out it was via GitHub Pages.

https://twitter.com/RReverser/status/1554923810876522498

I don't want it to exist at all lmao, it's an ethical clusterfuck

Senior Oops Engineer (@ReinH)Wed, 03 Aug 2022 20:18 +0000

buried in github's settings (Settings -> Code Pilot) is this opt-out that y'all should probably click

Senior Oops Engineer (@ReinH)Wed, 03 Aug 2022 03:07 +0000

and there it is. github takes all our free code, puts it in a blender, uses us for free QA on the result, and finally turns around and charges for it

Post details

Looks like GitHub Copilot is going public as a paid product! I have to admit that their "first hit is free" strategy worked perfectly, writing code without it is now somewhat painful and I'll happily pay for it

Brendan Dolan-Gavitt (@moyix)Tue, 21 Jun 2022 18:50 +0000

eevee (@eevee)Tue, 21 Jun 2022 19:50 +0000

https://twitter.com/GitHubSecurity/status/1515101093419646976

If you need to verify the ID of the OAuth application, check the number at the end of the url like github.com/orgs/<org>/policies/applications/145909 coming from the github.com/organizations/<org>/settings/oauth_application_policy page.

chrismo (@the_chrismo)Sat, 16 Apr 2022 02:42 +0000

Watched Free Guy the other day and saw an Octocat sticker! Someone on the set design team should get a promotion. Awesome movie and attention to detail, @VancityReynolds! 😻

Mark Otto (@mdo)Wed, 13 Apr 2022 18:08 +0000

From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.

If you haven't signed up for the preview of the new GitHub code search you're missing out - I use it every day now, being able to execute complex searches (including regular expression matches!) against every line of code on GitHub is absurdly useful cs.github.com

Simon Willison (@simonw)Mon, 28 Mar 2022 04:51 +0000

GitHub algorithm seeks to improve discovery. Developers disagree.

So here's why I bought a receipt printer: Every time one of my GitHub repos gets a new issue, I now get a physical ticket printed out on my desk 🪄

Andrew Schmelyun (@aschmelyun)Thu, 24 Mar 2022 11:44 GMT

It was MySQL, with the resource contention, in the database cluster

https://twitter.com/_msw_/status/1506459050594082820

I have noticed what seems like an almost generational divide in people who contribute to open source. Those who did open source before 2015, and those who think GitHub = OpenSource. 🙃

Aeva ✈ ShmooCon! ✨ (@aevavoom)Wed, 23 Mar 2022 14:58 GMT