Links
Joel shares his journey from junior to staff engineer at GitHub, outlining what the staff role entails and how it differs from senior engineering. He discusses the challenges and opportunities that come with this position and offers insights on thriving in it.
This article analyzes a malicious Visual Studio Code extension that implements ransomware-like behavior. It highlights how the extension encrypts files, uploads sensitive data, and communicates with a command and control server via a private GitHub repository. The piece questions how such obvious malware passed the marketplace review.
This article details DNSimple's journey to automate their management of GitHub repositories using Infrastructure as Code principles. It highlights the transition from a manual tool called Repocop to a more efficient system built with Terraform and CI/CD practices, improving consistency and visibility across hundreds of repositories.
A typosquatted npm package named “@acitons/artifact” impersonated the legitimate “@actions/artifact” to exploit GitHub's CI/CD workflows. It stole tokens from build environments and published malicious artifacts, highlighting vulnerabilities in supply chain security.
This article discusses the security vulnerabilities associated with GitHub Actions, highlighting issues like secrets management failures, insufficient permission management, and dependency pinning failures. It emphasizes the importance of understanding these risks to protect CI/CD workflows from potential attacks.
This article explains how to use GitHub Copilot CLI to enhance your command-line workflow. It covers installation requirements, usage instructions, and offers practical prompts for generating code, managing tasks, and automating workflows directly from the terminal.
This GitHub repository offers a comprehensive checklist for securing your digital life. It includes a website for easy navigation, a raw data file for modifications, and an API for accessing checklist data. Users can clone the repo, run it locally, or deploy it on various platforms.
The article discusses using asynchronous coding agents like Claude Code and Codex for code research tasks. It emphasizes the benefits of setting clear goals, allowing these agents to experiment in dedicated GitHub repositories, and accessing the web freely for results. The author shares examples of research projects that demonstrate the effectiveness of this approach.
GitHub Actions now offers analytics that help developers track job performance, resource usage, and failure rates. Users can filter data by repository and time frame to spot trends and optimize build processes. The insights page provides recommendations for improving job efficiency.
Haxiom is a free online markdown editor designed for teams, integrating AI to manage knowledge efficiently. It features real-time editing, GitHub synchronization, and tools for semantic search and duplication detection. The platform aims to streamline documentation and improve collaboration.
This article displays a 404 error message indicating that the requested file is missing from the specified GitHub Pages site. It reminds users to check the filename case, file permissions, and ensure an `index.html` file exists for root URLs. For more help, it links to GitHub's documentation.
GitHub is postponing changes to self-hosted Actions billing to gather more feedback from users. Starting January 1, 2026, they will reduce prices for hosted runners by up to 39% while introducing a $0.002 per-minute charge for all actions workflows. Self-hosted runner pricing changes will take effect on March 1, 2026.
This article provides a detailed analysis of GitHub's service uptime over the past 90 days, using archived status updates to reconstruct the data. It offers insights into downtime incidents and how they affect different components of the platform. The project is open source and encourages community contributions.
GitHub is responding to the influx of low-quality AI-generated pull requests that burden maintainers. Product manager Camilla Moraes initiated a community discussion on potential solutions, including options to disable pull requests or improve review processes to address the challenges posed by AI contributions.
This cheat sheet outlines effective ways to discover, validate, and protect API keys and credentials throughout your software development lifecycle. It includes practical examples, tips on ownership, and guidance on securing vaults without hindering development. It's a useful resource for teams looking to manage secrets more effectively.
This article introduces the WRAP framework to help developers effectively use GitHub Copilot. It emphasizes writing clear issues, refining instructions, breaking tasks into smaller parts, and leveraging the strengths of both humans and AI for better productivity.
The author shares their intense dislike for GitHub Actions, detailing a frustrating experience with a failed build for their project, tmplr. They criticize the CI process, emphasizing the inefficiency and isolation of builds across different platforms, ultimately opting to manage scripts outside of GitHub Actions for better control.
GitHub Actions has seen significant growth and improvements since its 2018 launch, now handling 71 million jobs daily. The article details recent feature updates like YAML anchors and larger cache limits, along with plans for 2026, including scheduled job timezones and parallel steps.
BlazorOcticons provides customizable GitHub Octicons as Razor components for Blazor applications. Installation requires adding a NuGet package and updating the _Imports.razor file. Once set up, you can easily integrate icons into your project.
This GitHub repository is currently disabled due to a DMCA takedown notice. The notice has been publicly posted, and the owner can file a counter notice if they believe the takedown was a mistake.
Google is working on voice cloning features for AI Studio, indicated by a hidden option that allows users to upload audio samples. This capability aims to enhance personalization in AI-generated audio and streamline integration with Gemini models. Other updates include GitHub repository imports and improvements to the platform's navigation.
Nucleate allows teams to create production-ready web and mobile prototypes using their existing design components from GitHub. Users can generate variants quickly without coding, and prototypes can be exported directly as clean code or through a Pull Request.
This article outlines the process of creating a free GitHub account, detailing features like unlimited repositories, integrated code reviews, and community support. It also provides password and username requirements, along with a list of countries for user selection.
A security researcher discovered that Home Depot unintentionally exposed access to its internal systems for a year due to a published access token. After attempts to notify the company went ignored, TechCrunch intervened, leading to the token's revocation. Home Depot lacks a formal process for reporting such security issues.
Microsoft has renamed and updated its DevOps specialization to Agentic DevOps with Microsoft Azure and GitHub. Key changes include new performance requirements, updated audit expectations, and a focus on qualifying partners who support customer adoption of Azure and GitHub solutions.
This commit introduces significant changes to the Moltbot codebase, with over 11,000 lines added and removed across nearly 1,840 files. The update affects various components, including Android, iOS, and multiple integrations like Discord and Slack. It likely includes optimizations, bug fixes, and new features.
This article presents a security scanner specifically designed for AI agent skills, capable of detecting issues like prompt injection and data exfiltration. It supports various analysis methods, including static and behavioral detection, and integrates with tools like VirusTotal and cloud providers.
GitHub reversed its plan to charge $0.002 per minute for self-hosted runners after user backlash. The company acknowledged it needed more user input before implementing such changes and is open to feedback on future pricing strategies. While the charge is postponed, GitHub may still introduce fees later.
The article details a developer's experience with GitHub's API when trying to link PR comments to their database. It explains the differences between GitHub's node IDs and database IDs, revealing how to extract database IDs from node IDs using bitmasking and MessagePack decoding. The author also discusses the complexities of GitHub's dual ID formats and their implications.
This article outlines the Agent Skills for Remotion projects, which are designed to enhance AI agents like Claude Code and Codex. You can install these skills using a simple command or add them when starting a new project. The skills are also accessible on GitHub.
Meku.dev is a platform that helps users create and launch full-stack web applications quickly using AI. You can describe your idea in plain language, and Meku generates a production-ready site in minutes, allowing for customization and deployment options. It supports integration with GitHub and provides a user-friendly interface for development.
Devin Review enhances GitHub's PR review process by using AI to organize code diffs, provide in-depth context through interactive chat, and detect potential bugs. It aims to improve code comprehension and streamline collaboration for both public and private repositories. The tool is currently free during its early release phase.
GitHub Agentic Workflows automate tasks in your repositories using AI. You can define workflows in markdown, and they integrate with GitHub features like Actions and Issues. The system prioritizes security with sandboxed execution and limited permissions.
Zig has migrated its hosting from GitHub to Codeberg due to dissatisfaction with GitHub's performance and policies, especially after Microsoft's acquisition. Concerns over GitHub Actions' reliability and the decline of GitHub Sponsors prompted this decision. The Zig project will maintain open issues on GitHub while starting fresh on Codeberg.
This article outlines how to manage the recent change in NPM's token policy, which limits token validity to 90 days. It introduces a tool called github-update-secret that automates the process of updating access tokens across multiple GitHub repositories. While the long-term solution is to adopt OIDC, this tool provides a temporary fix.
Repogrep is a tool that helps you search through any public GitHub repository quickly. You can paste a URL or search for specific terms to find relevant code or projects. It streamlines access to various coding resources.
Claude and Codex, the new coding agents from Anthropic and OpenAI, are available for Copilot Pro+ and Enterprise users. You can create agent sessions and assign tasks through GitHub, GitHub Mobile, and VS Code without any extra subscription fees. Each session counts as one premium request during the public preview.
This article indicates that the GitHub Pages site you're looking for doesn't exist. It provides a link to documentation for setting up a GitHub Pages site for your account or repository.
Vouch is a system for managing trust within open-source projects. Users must be vouched for to participate in specific project areas, while others can be denounced to restrict their access. It integrates easily with GitHub and allows projects to share trust decisions among each other.
This article outlines recent npm security breaches and provides a checklist for securing npm publish workflows. It emphasizes the importance of using granular npm tokens, 2FA, and trusted publishers to minimize risks from compromised credentials.
Lorentz Kinde, a 31-year-old Cloud Engineer, shares insights about himself and his ongoing projects. He provides links to his GitHub and LinkedIn profiles while reflecting on web design trends and his plans for future updates.
GitHub Agentic Workflows automate repository tasks using AI, allowing users to create workflows in markdown instead of YAML. It integrates with GitHub features for improved efficiency, all while maintaining security through sandboxed execution and controlled permissions. The tool is still in early development, so caution is advised.
This article introduces a tool that lets you ask questions about GitHub repositories and get answers based on the source code. It features a CLI called `remote-bash` that allows you to run bash commands on public repos without cloning them, making it easier to explore and analyze code.
On November 24, 2025, over 1,000 NPM packages were compromised using a fake Bun runtime, leading to the infection of more than 27,000 GitHub repositories. The malicious code steals sensitive information and exfiltrates it via a GitHub Action runner. This incident appears to be linked to a previous attack identified as "Shai-Hulud."
This article provides guidance on creating effective agents.md files for GitHub Copilot. It draws from an analysis of over 2,500 repositories, highlighting the importance of specificity in defining agent roles, commands, and boundaries to improve functionality.
This article provides a Jupyter notebook for implementing the OLMo3 model from scratch. It includes code examples and explanations for building and training the model. The focus is on practical application rather than theoretical concepts.
GitHub is implementing a $0.002-per-minute fee for all Actions usage starting March 1, 2026. This change monetizes the Actions control plane, making self-hosting no longer free while reducing the cost of GitHub-hosted runners. Companies will now face both compute costs and platform fees for their CI workloads.
The GitHub Copilot SDK is now in technical preview, allowing developers to embed AI capabilities into their applications. It simplifies the process by providing a ready-made execution loop, enabling features like planning, tool invocation, and command execution without building these systems from scratch.
Depth Anything 3 (DA3) is a model designed for accurate depth estimation and 3D geometry recovery from various visual inputs, regardless of camera pose. It simplifies the process using a single transformer backbone and a depth-ray representation, outperforming previous models in both monocular and multi-view scenarios. Various specialized models within the DA3 series cater to different depth estimation tasks.
GitHub added over 36 million developers in the past year, driven by the launch of GitHub Copilot Free and a surge in activity across repositories. TypeScript has now surpassed Python and JavaScript as the most popular language on the platform, reflecting a shift towards typed languages and AI integration in development workflows.
This article discusses the concept of Continuous Efficiency, which aims to enhance software development for sustainability using AI tools. It highlights GitHub's efforts to implement automated workflows that improve code quality and performance while reducing environmental impact.
GitHub introduced Agent HQ, integrating various coding agents directly into its platform. This move allows developers to manage and orchestrate tasks across multiple agents seamlessly, enhancing their workflow through a unified command center and new integrations.
Researchers have identified a campaign using GitHub-hosted Python repositories to spread a new JavaScript-based Remote Access Trojan called PyStoreRAT. This malware executes various malicious commands and targets cryptocurrency files, leveraging fake tools to deceive users into downloading it. The operation shows signs of being linked to Eastern European threat actors.
The article details the author's experience migrating their projects from GitHub to Codeberg, outlining each step of the process. It covers setting up a new environment, migrating repositories, and porting CI workflows, while also addressing challenges and solutions encountered along the way.
The article explains how attackers can turn self-hosted GitHub Actions runners into backdoors, allowing persistent access to compromised systems. It details the Shai-Hulud worm as a case study, highlighting its methods for exploiting GitHub's infrastructure and the security risks involved.
A GitHub CLI extension, gh-signoff, allows developers to run tests locally and sign off on their work without relying on cloud CI services. It emphasizes utilizing fast local machines for continuous integration, providing options for full or partial signoffs on various CI steps. The extension is open-source and can be easily installed and configured for projects.
HoloPart is a project focused on generative 3D part amodal segmentation, which aims to decompose 3D shapes into complete and semantically meaningful parts. The project is available on GitHub and offers a dedicated project page for further information. Currently, there are no inference providers deployed for this model.
ghbuster is a tool that identifies potentially malicious or inauthentic GitHub repositories and users through heuristics. It provides methods to detect suspicious activities such as unlinked email commits and coordinated stargazing, helping to maintain the integrity of the GitHub ecosystem. Users can easily install and run the tool with specific commands and can also generate documentation and run tests.
GitHub Chat integrates with various AI coding assistants like Cursor and Claude to facilitate instant understanding of codebases. It provides a straightforward API for indexing GitHub repositories and querying them for detailed information about their contents and technologies used. Unlike GitHub Copilot, GitHub Chat offers repository-wide analysis and a public API for developers.
GitHub is set to be fully integrated into Microsoft’s organizational structure, with CEO Thomas Dohmke announcing his departure to pursue new ventures. He will remain until the end of 2025 to assist with the transition, as GitHub's leadership will report to multiple executives within Microsoft's CoreAI division. GitHub was acquired by Microsoft in 2018 for $7.5 billion.
Microsoft has temporarily paused the integration of Copilot in SQL Server Management Studio (SSMS) 22, opting instead to shift to GitHub Copilot based on user feedback indicating a preference for this functionality. The initial version of SSMS 22 will not include any Copilot features while the SQL Server team works on achieving full integration in future releases.
Gemini Code Assist enhances the code review process in GitHub by providing instant summaries, identifying bugs, and suggesting improvements, which allows developers to focus on more complex issues. With the integration of the advanced Gemini 2.5 model, feedback is more accurate and actionable, leading to higher code quality and increased developer satisfaction, as evidenced by early adopters like Delivery Hero.
Claws is a Ruby-based static analysis tool designed to enhance the safety of GitHub workflows by identifying undesirable behaviors through simple expression rules. It allows users to define rules using an equation expression language, supports runtime configurability, and includes RSpec helpers for testing. Claws can be easily installed as a Ruby Gem and integrated into CI pipelines to analyze workflow files for various security and best practice violations.
The article discusses a vulnerability discovered in the MCP (Multi-Chain Protocol) on GitHub, detailing its implications for security and potential exploits. It emphasizes the importance of addressing such vulnerabilities promptly to safeguard projects and users relying on the MCP framework.
The article introduces the GitHub MCP Registry, a platform designed to streamline the discovery of MCP (Microsoft Cloud Partner) servers. It highlights the benefits of using the registry, such as improved speed and efficiency in finding and utilizing cloud resources for developers and businesses.
Create an eye-catching header image for your GitHub profile or project using the GitHub Profile Header Generator. Choose from various preset themes or customize your own, and easily integrate the header into your README file. The site also credits resources used in the design process while clarifying its independence from GitHub.
GitMCP is an open-source remote Model Context Protocol server that allows AI tools to access up-to-date documentation and code from GitHub projects, significantly reducing code hallucinations. It offers two connection types for users: specific repositories and a generic server for flexibility, all while ensuring privacy and ease of use without any setup.
Enhance your GitHub profile effortlessly with the profile-readme-generator, a tool that allows you to create a customized README quickly. It simplifies the process of adding content to your profile, enabling you to showcase your skills and projects without the hassle of manual editing or configuring GitHub actions. Get started by cloning the repository and running the application locally.
The article provides insights on effectively utilizing GitHub Advanced Security to prioritize vulnerabilities and speed up remediation processes. It emphasizes strategies for improving code security and enhancing collaboration within development teams. The focus is on actionable steps for organizations to maximize their security posture using GitHub's advanced features.
The author observes that the issue count on their GitHub project increases despite completing tasks, as finishing larger issues often leads to the creation of smaller ones. This results in a net gain of issues, making it difficult to measure actual progress. They suggest finding a better metric to track the reduction of missing functionality.
Instructions are provided to set up a conda environment for the project "Save," including cloning the GitHub repository and activating the environment. It also outlines how to test and train a model using pre-trained weights and datasets, specifically for FSC147 and COCO.
The article discusses a significant conversion rate increase achieved by GitHub through a strategic change in their user flow. By optimizing a single aspect of their platform, they successfully improved user engagement and acquisition, demonstrating the power of targeted adjustments in user experience design.
The article discusses GitHub's Dependency Graph, a feature that helps developers visualize and understand their software's supply chain by mapping out dependencies. This tool enhances security by allowing users to identify vulnerabilities in their dependencies and manage them effectively, promoting better supply chain security practices.
GitHub enhances its security measures by implementing stricter protocols for its SAML (Security Assertion Markup Language) authentication. The article details the specific changes made to the SAML implementation, aimed at mitigating potential security vulnerabilities and ensuring safer access for users.
SWE-Factory is an automated tool for generating GitHub issue resolution training data and evaluation benchmarks, significantly improving model performance through its framework. The updated version, SWE-Factory 1.5, offers enhanced robustness and supports multi-language evaluations, employing LLM-powered systems for efficient environment setup and testing. Users can easily set up their environments and validate datasets using provided scripts and commands.
Claude Code is a GitHub action that enhances PRs and issues by intelligently responding to context and executing code changes. It supports multiple authentication methods and includes features like code review, implementation of fixes, and seamless integration with GitHub workflows. The setup process is streamlined for users, providing various automation patterns and a comprehensive guide for migration and usage.
The article discusses various limitations and error messages related to applying code suggestions in a closed pull request for the Rails project. It highlights scenarios when suggestions cannot be applied, such as when no code changes were made or when the pull request is in a specific state. The focus is on ensuring that suggestions are valid and applicable under certain conditions.
The article discusses the improvements made to the accessibility of the GitHub Command Line Interface (CLI), focusing on user experience enhancements that cater to various accessibility needs. These changes aim to make the CLI more usable for individuals with disabilities, ensuring a more inclusive development environment.
A hacker is exploiting GitHub by distributing backdoored source code, specifically targeting hackers, gamers, and researchers. The malicious repositories, linked to the publisher "ischhfd83," deploy hidden backdoors through various means, leading to the installation of remote access trojans and info-stealers, which pose significant risks to users who compile the code. Sophos researchers warn of the sophisticated multi-step infection process that follows the download of these trojanized files.
Claude-Flow v2.7 is an advanced AI orchestration platform that enhances development workflows through features like semantic vector search and a hybrid memory system, enabling faster and more efficient project management. It offers 25 natural language-activated skills and integrates seamlessly with GitHub, providing tools for automation and memory management. The latest version boasts significant performance improvements and a comprehensive toolkit for developers.
GitHub's CEO emphasizes the importance of manual coding skills in the face of the growing influence of AI in software development. He argues that understanding the fundamentals of coding remains crucial for developers, regardless of advancements in technology. This perspective highlights the need for a balance between leveraging AI tools and maintaining core programming competencies.
mbake is a Makefile formatter that offers smart formatting features, intelligent detection of phony targets, and syntax validation to ensure Makefiles are correct. It provides configurable rules through a custom configuration file, supports CI/CD integration, and includes a VSCode extension for seamless editing. Users can install it via PyPI and utilize various commands for formatting, checking, and validating Makefiles.
Microsoft is undergoing a transition within its GitHub division, with Thomas Dohmke resigning from his position as CEO of GitHub. This shift comes as the company aims to refocus its efforts on the CoreAI team, indicating a strategic realignment in its approach to artificial intelligence and development tools.
GitHub engineers address platform challenges by leveraging a range of engineering practices and tools, ensuring system reliability and performance. They implement proactive monitoring, systematic troubleshooting, and scalable solutions to enhance user experience while maintaining platform integrity. Continuous improvement and collaboration among teams are key aspects of their approach to tackling complex issues.
GitHub has implemented a unique approach by combining an embedded email capture with a secondary call-to-action (CTA) in their hero section, a strategy that has been shown to improve conversion rates. Insights from A/B testing suggest that having two CTAs can cater to different levels of user intent and that embedded email captures often lead to higher engagement by minimizing clicks. The discussion raises questions about the effectiveness of multiple fields in email captures and whether this trend will gain traction among other brands.
GitHub Copilot aims to enhance collaboration and productivity among developers by introducing agentic workflows that allow for more intuitive coding experiences. The vision emphasizes a shift from traditional pair programming to a more interactive, peer-based approach, leveraging AI to support developers in real-time. This evolution aims to create a more engaging and efficient software development process.
Copilot Spaces is a new feature introduced by GitHub that enhances collaboration among developers by providing a shared workspace to work with code and context. This feature allows teams to organize their projects more effectively and improves the coding experience with real-time collaboration tools. Users can interact with code in a more contextual manner, making it easier to understand and manage complex projects.
The article discusses how GitHub leveraged Copilot to enhance their secret protection engineering efforts, resulting in significant efficiency improvements. By integrating AI-driven tools, the team was able to accelerate their workflows and improve code security practices. This initiative illustrates the potential of AI in streamlining complex engineering tasks.
The article discusses a project where the author scanned all of GitHub's commits for leaked secrets, highlighting the importance of managing sensitive information in code repositories. The findings emphasize the potential risks developers face if they inadvertently expose secrets in their code. Additionally, the article offers insights into the tools and methods used for the scanning process.
A malicious post-install command executed during the installation of the nx build kit created unauthorized GitHub repositories in users' accounts, stealing sensitive information like wallets and API keys. Organizations are urged to review their GitHub activity and rotate credentials to mitigate exposure, while ongoing investigations continue into the incident.
The page indicates that there is no GitHub Pages site available at the specified URL. It provides a link to the documentation for setting up GitHub Pages for users, organizations, or repositories. Additionally, links to GitHub Status and their Twitter account are included.
The article provides a comprehensive guide on securing GitHub Actions, emphasizing best practices for protecting workflows and sensitive data. It discusses common security risks and offers actionable recommendations to mitigate those risks, ensuring safer automation in software development processes.
A consistent strategy for managing releases and tags in a GitHub repository was developed using GitHub Actions to automate versioning, tagging, and release note generation. This solution simplifies the release process by adhering to semantic versioning and eliminating manual steps, ensuring that every code change is properly documented and versioned.
Amazon Q Developer introduces an interactive code review experience in GitHub that enhances developer productivity by providing inline answers and suggestions directly within pull requests. This feature streamlines the review process by offering concise summaries and reducing the time spent searching for context, ultimately enabling faster code merges and improved collaboration among teams.
Microsoft has open-sourced the GitHub Copilot Chat extension for VS Code under the MIT license, allowing the community to access its full implementation and telemetry mechanisms. This move is part of Microsoft's plan to integrate AI features into the popular code editor, which has seen significant growth in the open-source AI ecosystem. While the original GitHub Copilot extension remains closed for now, Microsoft plans to transition its functionality into the open-source chat extension in the coming months.
GitHub has introduced enhanced search capabilities for issues, now allowing nested queries and the use of boolean operators to refine searches. This update aims to improve efficiency and precision for developers managing numerous issues on the platform. The article details how these features were rebuilt to better serve user needs.
Sharon Brizinov shares her experience of earning $64,350 through bug bounty hunting by automating the recovery of deleted files from public GitHub repositories. By scanning thousands of repositories for exposed API keys and credentials hidden in Git's history, she highlighted the importance of addressing security vulnerabilities from seemingly deleted information.
The article provides a practical guide for using the GitHub MCP server, detailing its features, setup process, and best practices for integration into workflows. It emphasizes the potential of generative AI in enhancing development efficiency and collaboration.
A vulnerability in GitHub Copilot Chat, discovered by Legit Security, allowed the leakage of sensitive data such as AWS keys and zero-day bugs from private repositories. By exploiting hidden comments and remote prompt injection, attackers could control Copilot's responses and exfiltrate sensitive information from users. GitHub has since addressed the issue by blocking the method used for data leakage.
Jules, an asynchronous coding agent developed by Google, is now in public beta, allowing developers to automate tasks such as writing tests, fixing bugs, and building features directly within their existing code repositories. It integrates with GitHub and operates in the cloud, providing a visible workflow and audio summaries of changes made. With advanced capabilities powered by the Gemini model, Jules aims to streamline the software development process while keeping user data private.