
How GitHub Actions renders large-scale logs
Rendering logs in a web UI might seem simple: they are just lines of plain text. However, there are a lot of additional features that make them more useful to…

We are taking GitHub Campus TV to the next level with the help of emerging developers! How? Students from around the world are coming together to host weekly streams on…

When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of…

In this last post of the series, I’ll exploit a use-after-free in the Chrome renderer (CVE-2020-15972), a bug that I reported in September 2020 but turned out to be a duplicate, to gain remote code execution in the sandboxed renderer process in Chrome.

Imagine you’re in an organization with over 2,000 repositories across several different product lines. It can be a daunting task to find the right project.

Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…

This article originally appeared in The New Stack, and is republished here with permission. Digital sovereignty has become a rallying cry across the globe. In 2021, open innovation will, counterintuitively,…

On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…

Understanding the movement of ‘single source’ companies from ‘open source’ to ‘source available’ licenses. In the last nine months since joining GitHub’s policy team, I’ve been asked repeatedly about a…

Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.

In this series of posts, I’ll go through the exploit of three security bugs that I reported, which, when used together, can achieve remote kernel code execution in Qualcomm’s devices by visiting a malicious website in a beta version of Chrome. In this first post, I’ll exploit a use-after-free in Qualcomm’s kgsl driver (CVE-2020-11239), a bug that I reported in July 2020 and that was fixed in January 2021, to gain arbitrary kernel code execution from the application domain.

Every day, GitHub serves the needs of over 56M developers, working on over 200M code repositories. All but a tiny fraction of those repositories are served with amazing performance, for…

In this second post of the series, I’ll exploit a use-after-free in the Payment component of Chrome (1125614/GHSL-2020-165), a bug that I reported in September 2020 that only affected version 86 of Chrome, which was in beta. I’ll use it to escape the Chrome sandbox to gain privilege of a third party App on Android from a compromised renderer.

Security research makes us all safer, but too often developers face ambiguous rules and possible criminal liability when they do quality assurance work to find security holes in their stack.…

The open source Git project just released Git 2.31 with features and bug fixes from 85 contributors, 23 of them new. Last time we caught up with you, Git 2.29…

Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…

It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for…

This post features a guest interview with Diego M. Oppenheimer, CEO at Algorithmia. Over the past few years, machine learning has grown in adoption within the enterprise. More organizations are…

In a recent paper written by Nicole Forsgren and her colleagues, “The SPACE of developer productivity: There’s more to it than you think,” there is an irony that is hard…

In December 2020, we launched the public beta of GitHub Discussions, a collaborative communication forum that allows community members to ask and answer questions, share updates, and have open-ended conversations.…

Today, the Git project released new versions to address CVE-2021-21300: a security vulnerability in the delayed checkout mechanism used by Git LFS during git clone operations affecting versions 2.15 and…