Technology Subset

Announcing the launch of the All In for Maintainers DEI Resource Hub – Technology Subset

In 2021, we launched All In to provide the open source community with an opportunity to work together to create a powerful movement for diversity, equity, and inclusion (DEI). From supporting over 300 students through our All in for Students program, to capturing 7,000+ voices in the 2021 Open Source DEI Survey and hosting 300 […]

Technology Subset

Open source’s impact on the world’s 100 million developers – Technology Subset

The open source movement quietly underpins all of the technology we use to live and work. Open source is about more than just technology or a license—it’s about creating a culture of participation and collaboration, where anyone can contribute to making the world a better place. Open source software existed long before GitHub. But today, […]

Technology Subset

January 2023 – Technology Subset

In January, we experienced two incidents. One that resulted in degraded performance for GitHub Packages and GitHub Pages, and another that impacted git users. January 30 21:48 UTC (lasting 35 minutes) Our service monitors detected degraded performance for GitHub Packages and GitHub Pages. Most requests to the container registry were failing and some GitHub Pages […]

Technology Subset

How GitHub is advancing diversity, equity, and inclusion within open source communities – Technology Subset

At GitHub, our goal is to build a platform and galvanize an open source community that everyone can be a part of and make meaningful contributions. The future of software development is collaborative and equitable, made up of amazing people from diverse backgrounds and experiences who work together to advance society through open source technology. […]

Technology Subset

Bypassing OGNL sandboxes for fun and charities – Technology Subset

Overview Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. In the past, OGNL injections led to some serious remote code execution (RCE) vulnerabilities, such as the Equifax breach, and over the years, protection mechanisms and mitigations against OGNL injections […]

Technology Subset

Setting the foundations for compliance – Technology Subset

While compliance is foundational to delivering software around the world, there may be instances where developers get frustrated with policy enforcement slowing down their workflow. Since compliance is what enables the world’s software to be run across regions and enterprises with different security, data, and privacy requirements and regulations, we at GitHub are well-practiced in […]

Technology Subset

Refining the VS Code Flatpak and Toolbox container workflow – Technology Subset

Fix the Git integration within VS Code when working with Toolbox container. Photo by frank mckenna / Unsplash I’ve written earlier about using Toolbox as a development environment along with VS Code installed using Flatpak. Since then I have encountered some problems that you may have come across as well. Primarily, the issue was that […]

Technology Subset

Unlocking security updates for transitive dependencies with npm – Technology Subset

Dependabot helps developers secure their software with automated security updates: when a security advisory is published that affects a project dependency, Dependabot will try to submit a pull request that updates the vulnerable dependency to a safe version if one is available. Of course, there’s no rule that says a security vulnerability will only affect […]

Technology Subset

How GitHub coordinates product releases with GitHub Projects and GitHub Actions – Technology Subset

Looking to supercharge cross-functional work at your organization? Here at GitHub, we take pride in using GitHub to release new products and features. Each new product and feature that we release requires a great amount of cross-functional collaboration, and touches nearly all our teams, from engineering to social media. But it’s not a challenge to […]