Technology Subset

Announcing the launch of the All In for Maintainers DEI Resource Hub – Technology Subset

In 2021, we launched All In to provide the open source community with an opportunity to work together to create a powerful movement for diversity, equity, and inclusion (DEI). From supporting over 300 students through our All in for Students program, to capturing 7,000+ voices in the 2021 Open Source DEI Survey and hosting 300 […]

Open source’s impact on the world’s 100 million developers – Technology Subset

The open source movement quietly underpins all of the technology we use to live and work. Open source is about more than just technology or a license—it’s about creating a culture of participation and collaboration, where anyone can contribute to making the world a better place. Open source software existed long before GitHub. But today, […]

January 2023 – Technology Subset

In January, we experienced two incidents: one that resulted in degraded performance for GitHub Packages and GitHub Pages, and another that impacted Git users. January 30 21:48 UTC (lasting 35 minutes): Our service monitors detected degraded performance for GitHub Packages and GitHub Pages. Most requests to the container registry were failing and some GitHub Pages […]

How GitHub is advancing diversity, equity, and inclusion within open source communities – Technology Subset

At GitHub, our goal is to build a platform and galvanize an open source community that everyone can be a part of and make meaningful contributions. The future of software development is collaborative and equitable, made up of amazing people from diverse backgrounds and experiences who work together to advance society through open source technology. […]

Bypassing OGNL sandboxes for fun and charities – Technology Subset

Overview: Object Graph Notation Language (OGNL) is a popular, Java-based expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. In the past, OGNL injections led to some serious remote code execution (RCE) vulnerabilities, such as the Equifax breach, and over the years, protection mechanisms and mitigations against OGNL injections […]

Setting the foundations for compliance – Technology Subset

While compliance is foundational to delivering software around the world, there may be instances where developers get frustrated with policy enforcement slowing down their workflow. Since compliance is what enables the world’s software to be run across regions and enterprises with different security, data, and privacy requirements and regulations, we at GitHub are well-practiced in […]

Pwning the all Google phone with a non-Google bug – Technology Subset

The “not-Google” bug in the “all-Google” phone. The year is 2021 A.D. The first “all Google” phone, the Pixel 6 series, made entirely by Google, is launched. Well, not entirely… One small GPU chip still holds out. And life is not easy for security researchers who audit the fortified camps of Midgard, Bifrost, and Valhall. […]

Refining the VS Code Flatpak and Toolbox container workflow – Technology Subset

Fix the Git integration within VS Code when working with a Toolbox container. I’ve written earlier about using Toolbox as a development environment along with VS Code installed using Flatpak. Since then I have encountered some problems that you may have come across as well. Primarily, the issue was that […]

Unpacking the value of open source and code collaboration – Technology Subset

Open source is now an essential part of 99% of the software we use every day, and the developers that contribute to the open source ecosystem are more important than ever. As the global home to over 94 million developers, we’re deeply familiar with how open source and free collaboration power innovation and accelerate human progress. […]

Bringing GitHub Actions to GitHub Mobile – Technology Subset

GitHub Actions has changed the way people automate workflows. On the GitHub Mobile team our mission is to unchain you from your desk and bring GitHub to you—wherever you are—and we’ve heard your feedback: GitHub Actions has consistently been one of your most-requested features, so over the past few months we focused on bringing the […]

Unlocking security updates for transitive dependencies with npm – Technology Subset

Dependabot helps developers secure their software with automated security updates: when a security advisory is published that affects a project dependency, Dependabot will try to submit a pull request that updates the vulnerable dependency to a safe version if one is available. Of course, there’s no rule that says a security vulnerability will only affect […]

How GitHub coordinates product releases with GitHub Projects and GitHub Actions – Technology Subset

Looking to supercharge cross-functional work at your organization? Here at GitHub, we take pride in using GitHub to release new products and features. Each new product and feature that we release requires a great amount of cross-functional collaboration, and touches nearly all our teams, from engineering to social media. But it’s not a challenge to […]