Github

Game Bytes · April 2023

Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
Github

Building GitHub With Ruby And Rails

Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily. We deploy as often as 20 times a day, and nearly every week one of those deploys is a Rails upgrade. Upgrading Rails weekly Every […]
Github

Pwning Pixel 6 With A Leftover Patch

In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
Github

GitHub Availability Report: March 2023

In March, we experienced six incidents that resulted in degraded performance across GitHub services. This report also sheds light into a February incident that resulted in degraded performance for GitHub Codespaces.
Github

Building Organization-wide Governance And Re-use For CI/CD And Automation With GitHub Actions

Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside policies, for a well-governed experience with GitHub Actions.
Github

Raising The Bar For Software Security: GitHub 2FA Begins March 13

On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.
Github

GitHub Security Lab Audited DataHub: Here’s What They Found

The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform's authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.
Github

GitHub Availability Report: February 2023

In February, we experienced three incidents that resulted in degraded performance across GitHub services. This report also sheds light into a January incident that resulted in degraded performance for GitHub Packages and GitHub Pages and another January incident that impacted Git users.
Github

GitHub Actions Importer Is Now Generally Available

We’re excited to announce the general availability of GitHub Actions Importer. GitHub Actions Importer helps you plan, forecast, and automate migrations from Azure DevOps, CircleCI, GitLab, Jenkins, and Travis CI to GitHub Actions. This product is an extension of the official GitHub CLI and is available for free to any GitHub user starting today. Migrating […]
Github

The Code That Wasn’t There: Reading Memory On An Android Device By Accident

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.
Github

ICYMI: CodeQL Enhancements

Learn about CodeQL's improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.
Github

Yout Amicus: Fighting For Developers’ Right To Innovate

Our mission to accelerate human progress through developer collaboration requires us, from time to time, to fight against legal developments that would needlessly impair developers’ right to innovate. That’s why GitHub has filed an amicus brief in the appeal of Yout LLC v. Recording Industry of America, Inc.
Github

Release Radar, Festive Edition · December 2022 – January 2023

Welcome to our special edition of the Release Radar 🎄. Between Christmas festivities, end of the year parties, Chinese New Year, or simply enjoying some time off, almost everyone has been celebrating – us too! Now we’re taking a moment to celebrate these awesome open source projects that shipped major version releases during December and […]
Github

Enabling Branch Deployments Through IssueOps With GitHub Actions

What if developers want to leverage branch deployments but don't have a full ChatOps stack integrated with their repositories? We wanted to set out to find a way for all developers to be able to take advantage of branch deployments with ease, right from their GitHub repository, and so the branch-deploy Action was born!
Github