git Content on InfoQ
-
Announcing Allstar, a GitHub App to Improve Open Source Security
Google recently announced Allstar, a GitHub app that enables continuous enforcement of security policies for a given organization or project repository. Allstar is Google’s contribution towards improving Open Source Software (OSS) security.
-
GitHub to Phase out Support for Git Protocol, DSA Keys and Legacy SSH Algorithms
With a strong focus on keeping customer data as secure as possible, GitHub has decided to remove support for the unencrypted Git protocol, DSA keys and some legacy SSH algorithms. It is also adding requirements for newly added RSA keys and providing support for ECDSA and Ed25519 SSH host keys. These changes might affect only SSH and git:// users, while https:// users will be unaffected.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI's handling of this issue insufficient.
-
GitHub CLI 2.0 Brings Support for Extensions
With its new major version, GitHub CLI enables extending its basic feature set by installing and running extensions. A GitHub CLI extension is just a repository prefixed with gh- and providing an executable file with the same name as the repository.
-
Codespaces is GitHub's New Development Platform, Now Supporting Emacs and Vim
GitHub has moved away from local development environments and adopted Codespaces for its day-to-day development flow. After careful configuration, GitHub achieved a 10-second bootstrap time for a new environment. Additionally, Codespaces now supports Emacs and Vim besides Visual Studio Code.
-
GitLab Open-Sources Package Hunter, Falco-Based Tool to Detect Malicious Code
GitLab has released a new open-source tool, Package Hunter, aimed at detecting malicious code by running your project dependencies inside a sandbox. Package Hunter leverages Falco to detect unexpected application behaviour at runtime.
-
GitHub Funds Independent Legal Support for Developers against DMCA
GitHub has launched a program to offer developers free legal support from Stanford Law School against DMCA takedowns requested under Section 1201. InfoQ has taken the chance to speak with Mike Linksvayer, head of developer policy at GitHub, and Phil Malone, director of Juelsgaard Clinic, Stanford Law.
-
GitHub Previews Copilot, an OpenAI-Powered Coding Assistant
GitHub recently announced Copilot, an AI-powered pair programmer designed to help developers write code faster and with less effort. The service learns from comments and existing code, suggesting new lines and the implementation of whole functions.
-
Sonatype Lift Integrates Facebook Infer, Google ErrorProne, and Other Code Analyzers
Recently launched Sonatype Lift provides a unified code analysis platform that includes over 25 tools to help developers identify a wide range of bugs in their development pipelines as soon as possible, says Sonatype. InfoQ has spoken with Stephen Magill, VP of product innovation at Sonatype, to learn more.
-
GitHub Study Explores What Makes Developers Have a Good Day
GitHub researchers released the results of a survey aimed at investigating what helps developers have good days. InfoQ has taken the chance to speak with Dr. Eirini Kalliamvakou, senior researcher at GitHub & member of the Developer Velocity Lab.
-
GitHub's Journey with Web Standards and Web Components
GitHub has been working for the last few years on moving away from jQuery and running its interface entirely on Web standards, specifically Web Components. InfoQ has talked with GitHub application engineer Kristján Oddsson to learn more.
-
How GitHub Leverages Feature Flags to Ship Quickly and Safely
In a recent blog post, Alberto Gimeno, GitHub actions engineer, shared how GitHub makes use of feature flags to enable frequent, safe deployments. GitHub leverages feature flags for all potentially risky changes, allowing them to quickly disable the change if needed.
-
Atlassian Open DevOps Integrates Jira with Tools Like GitHub and Datadog
Atlassian has released Open DevOps, its new platform offering that integrates Atlassian products and partner offerings. Open DevOps integrates Jira Software, Confluence, Bitbucket, and Opsgenie into a single project. It is possible to integrate with other tools, such as GitHub and Datadog, with minimal integration.
-
GitHub Reacts to Growing Cryptocurrency Mining Attacks Using GitHub Actions
In response to the recent surge in cryptocurrency mining attacks, GitHub has changed how pull requests from public forks are handled in GitHub Actions to prevent abuse.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.