Travis CI flaw exposed thousands of open-source projects’ secrets

A flaw in popular software testing tool Travis CI exposed the secrets of thousands of open-source projects.

Travis CI is a hosted continuous integration service used to build and test software projects hosted on GitHub and Bitbucket.

For at least a week – between 3-10 Sept – open-source repos that used Travis CI had their keys, credentials, and tokens exposed.

Ethereum developer Felix Lange discovered a flaw with how Travis CI handled environmental...

GitHub releases analysis of relations between developers and security researchers

Relations between developers and security researchers are critical, but it’s no secret they’re often fraught.

GitHub first announced that it was expanding its research to more fully understand the relationship between developer and security research communities in December 2020. The initial analysis, conducted by GitHub Security Lab, has now been released.

For its debut analysis, GitHub focused on the vulnerability disclosure process—of which there is currently no...

Linus Torvalds: GitHub creates ‘absolutely useless garbage’ merges

Linux and Git creator Linus Torvalds has criticised GitHub for creating “absolutely useless garbage merges”.

Torvalds’ comment can be viewed in an archive of a Linux development mailing list and was directed at Konstantin Komarov, Founder and CEO of Paragon Software, about the submission of its read-write NTFS driver for the upcoming 5.15 kernel.

“github creates absolutely useless garbage merges, and you should never ever use the github interfaces to merge...

GitHub Discussions exits beta to help boost developer communities

GitHub’s collaboration-driving feature Discussions is exiting beta to help developer communities thrive.

Discussions enable developers to make repos fun, collaborative, and engaging spaces with features like the ability to pin big announcements, label discussions, mark the most helpful answers, personalise categories, and respond on-the-go via mobile.

Later this year, GitHub will be adding two more features:

Ask your community with polls. With the new Polls...

Stanford Law and GitHub launch initiative to protect open-source developers

Stanford Law and GitHub are partnering on an initiative to protect the legal rights of open-source developers.

Section 1201 of the Digital Millennium Copyright Act from 1998 prohibits the circumvention of technological measures employed by, or on behalf of, copyright owners to protect access to their works.

Open-source developers regularly face takedown claims under Section 1201 but, rather than fight it, they often decide to avoid the cost and risk by just removing the...

GitHub brings its suite of supply chain security features to Go

Go is receiving a boost from GitHub with the company bringing its supply chain security features to the Google-designed language.

According to GitHut, Go is currently the fourth most-popular language on GitHub. The Go community embraced GitHub and now the company is returning the favour by helping them to discover, report, and prevent security vulnerabilities.

Steve Francia, Product Lead of Go Language at Google, said:

“Go was created, in part, to address the...

Former NSA executive Jacob DePriest now heads GitHub’s security operations

GitHub has announced that former NSA (National Security Agency) senior executive Jacob DePriest is now heading its security operations.

Open source evangelist DePriest built the NSA’s Developer Experience from scratch and helped the agency’s developers contribute to the work of others. The NSA’s historically lengthy approval process was reduced from weeks to mere hours in some cases.

A 2019 post on the US Intelligence Careers website explains why DePriest has a...

GitHub expands CLI functionality to bring Actions to your terminal

GitHub is expanding the functionality of its CLI (Command-Line Interface) tool to bring Actions to your terminal.

The first stable version of GitHub CLI launched in September last year with the aim of enabling developers to keep their repo workflows in their terminal.

“Developers spend a lot of time in their terminals, and our CLI helps to mitigate the frequent context switching between your terminal and GitHub.com,” Amanda Pinsker, Product Designer at GitHub, said...

GitHub’s secret scanning for private repos launches alongside security overview

GitHub has launched its secret scanning tool for private repositories alongside a new security overview dashboard.

The world’s largest repo host first unveiled the fraud-preventing secret scanning feature in May last year as part of GitHub Advanced Security—a package of features that includes code scanning, secret scanning, and dependency reviews.

Secret scanning has been in beta until today. Since it was first announced, GitHub says it has:

Expanded secret...

GitHub partners with Adobe and AmEx to expand its MLH Fellowship

GitHub has partnered with Adobe and American Express (AmEx) to deliver a significant expansion of its MLH Fellowship.

The world’s largest repo host first announced MLH Fellowship in May last year. As the world adapted to remote work, the fellowship aimed to give students the opportunities they need to succeed.

93 percent of fellows said that participation in the initiative gave them more confidence in making open-source contributions. On the other side of the equation,...