はてなブックマーク

September 26, 2023 npm provenance is now generally available. npm packages built on a supported cloud CI/CD system can publish with provenance. Today this includes GitHub Actions and GitLab CI/CD. Publishing with provenance verifiably links the package back to its source repository and build instructions. Provenance is restricted to public packages and public source repositories only. npm will che

The Developer Experience (DX) team at GitHub collaborated with a number of other teams to work on moving our continuous integration (CI) system to GitHub Actions to support the development and scaling demands of our engineering team. Our goal as a team is to enable our engineers to confidently and quickly ship software. To that end, we’ve worked on providing paved paths, a suite of automated tools

Author Mike Linksvayer GitHubは、このたびGitHub Innovation Graphを公開しました。GitHub Innovation Graphは、ソフトウェア開発者がグローバルおよびローカルに与える影響に関するオープンデータとインサイトを共有するプラットフォームです。これまでの長い期間、イノベーションの指標として特許あるいは研究論文に焦点が当てられてきました。しかしながら、政策立案者や研究者が直面している困難は、ソフトウェア開発に関する世界的なトレンドについて信頼できるデータがほぼ見つからないという状況でした。GitHub Innovation Graphは、その解決策になり得ます。 GitHub Innovation Graphとは？ GitHub Innovation Graphは、世界中の経済圏のソフトウェア開発に関する縦断的な指標を含んでいます。

Passkeys are a new form of sign-in and phishing resistant credential that make it easier to protect your GitHub account by reducing use of passwords and other, more easily phishable authentication methods. Since the launch of passkeys in beta in July, tens of thousands of developers have adopted them. Now, all users on GitHub.com can use passkeys to protect their account. This continues our commit

In July, we introduced a public beta of GitHub Copilot Chat, a pivotal component of our vision for the future of AI-powered software development, for all GitHub Copilot for Business users. Today, we’re thrilled to take the next step forward in our GitHub Copilot X journey by releasing a public beta of GitHub Copilot Chat for all GitHub Copilot individual users across Visual Studio and VS Code. Int

Since the May beta release of our GitHub-curated Dependabot policies that detect and close false positive alerts, over 250k repositories have manually opted in, with an average improvement of over 1 in 10 alerts. The impact so far: auto-dismissal of millions of alerts that would have otherwise demanded a developer’s attention to manually assess and triage. Starting today, you can create your own c

If you want to build and scale an application using a large language model (LLM), this article’s for you. It took us three years to develop GitHub Copilot before we officially launched it to the general public. To go from idea to production, we followed three stages—find it, nail it, scale it—loosely based on the “Nail It, Then Scale It” framework for entrepreneurial product development. Here’s ho

Since we released GitHub Codespaces in 2021, we’ve made a number of updates aimed at improving usability, controlling cost, and more (for example, free usage for all, one click into templates, and concurrency policies). Now, GitHub has improved our developer experience and reduced usage costs at the same time by taking advantage of new virtual machines that provide all of our users twice the RAM,

For the eighth year in a row, Rust has topped the chart as “the most desired programming language” in Stack Overflow’s annual developer survey. And with more than 80% of developers reporting that they’d like to use the language again next year, you have to wonder how a language created less than 20 years ago has stolen the hearts of developers around the world. In this article, we’ll look at the h

GitHub Projects has been adopted by program managers, OSS maintainers, enterprises, and individual developers alike for its user-friendly design and efficiency. We all know that managing issues and pull requests in our repositories can be challenging. To help you optimize your usage of GitHub Projects to plan and track your work from start to finish, I’ll be sharing 10 things you can do with GitHu

When the next Log4j lands, you don’t want to find out that you’re several versions behind, and that it’s going to take the team days to fix all of the breaking changes. Dependabot version updates automate the patching process, giving you a measure of protection from unwelcome surprises. But just as with any inbox, the sheer volume of available updates can quickly swell into a management hassle. An

August 21, 2023 With the Repository Actions Runners List, you can now view all available runners in the Actions tab of a repository. This feature is now in public beta and will be gradually released in the upcoming weeks. The runner types listed include Standard GitHub-hosted, Larger GitHub-hosted (for faster builds), Self-hosted, and Scale-sets. For some benefits of using the Repository Actions R

The open source Git project just released Git 2.42 with features and bug fixes from over 78 contributors, 17 of them new. We last caught up with you on the latest in Git back when 2.41 was released. To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time. Faster object traversals with bitmaps Many long-time readers

Since the initial release for free public repositories earlier this year, one quarter of public repositories with secret scanning enabled have also been leveraging push protection to prevent you from pushing code that contains secrets. We’re thrilled by this adoption from the open source community. By fixing potential leaks before they occur, you and your teams can reduce the risk of a security in

Continuous Integration and Continuous Deployment (CI/CD) software supply chains are a lucrative target for threat actors. GitHub Actions is one of the most widely used platforms for automation, making it an important target. For the past few months, the GitHub Security Lab has been collaborating with a team of researchers from Purdue University (PurS3 Lab, PurSec Lab) and North Carolina State Univ

After three-plus years of concepting, designing, and shipping AI-driven developer tools, GitHub is continuing to explore new ways to bring powerful AI models into the developer workflow. Along the way, we’ve learned that the most important aspect of designing AI-driven products is to focus extensively on the developer experience (DevEx). While it can now feel like there’s a new AI announcement fro

Want the TL;DR, or you’ve already been using GitHub for awhile? Skip to the end for a printable checklist that you can use to ensure that you’ve covered all aspects of making your repository collaboration-ready. My daughter has a pair of pet gerbils. They’re awesome, but not the most complex creatures to care for. They need their cage cleaned occasionally, their food and water refilled, and may ne

Make more informed decisions about the code you use. In the rare case where a GitHub Copilot suggestion matches public code, this update will show a list of repositories where that code appears and their licenses. Sign up for the private beta today. Over the course of the last year, GitHub Copilot, the world’s first at-scale AI pair programmer trained on billions of lines of public code, has attra

When a new customer starts using GitHub Enterprise, one of the first questions they usually ask is: How do we structure the organizations within our enterprise? Even experienced GitHub administrators frequently reevaluate and seek guidance on how they should group organizations and teams within their enterprise. Why? An effective structure is crucial in maximizing the value of GitHub and enhancing

At GitHub, we perform a lot of merges and rebases in the background. For example, when you’re ready to merge your pull request, we already have the resulting merge assembled. Speeding up merge and rebase performance saves both user-visible time and backend resources. Git has recently learned some new tricks which we’re using at scale across GitHub. This post walks through what’s changed and how th

At the beginning of the year, I started working out with a trainer who wanted me to start tracking my food, but I’ve always been super against tracking my meals because it just doesn’t work for me. Instead of tracking my meals however, I decided to build an application that automagically tells me the nutritional information of any recipe. But to do that I needed some pretty complex natural languag

Protected branches have been around for a while, and we’ve made numerous improvements over time. We’ve added new rules to protect multiple branches and introduced additional permissions. However, it’s still challenging to consistently protect branches and tags throughout organizations. Managing scripts, cron jobs, various API calls, or third-party tooling to have consistent branch protections is n

Author Mario Rodriguez 今年初めにGitHub Copilot Xを発表した際、GitHub上の開発者エクスペリエンス全体にわたり、生成AIとGPT-4のパワーをもたらすことを目的とした、テクニカルプレビューを数多くご紹介しました。本日、GitHub Copilot Xをあらゆる組織に提供するための第一歩として、Visual StudioとVS CodeのすべてのGitHub Copilot for Businessのユーザーを対象するGitHub Copilot Chatの限定パブリックベータ版をリリースしました。 この新たな進歩により、GitHub Copilotはコンテキストを理解した会話アシスタントとしてIDE内で機能するようになり、その結果として開発者は最も複雑なタスクの一部を簡単なプロンプトで実行できるようになります。職歴の長短に関わらず、チームのすべての

Earlier this year, we announced GitHub Copilot X, which featured a number of technical previews designed to bring the power of generative AI and GPT-4 throughout the entire developer experience on GitHub. Today, we’re excited to take a first step in bringing GitHub Copilot X to enterprise companies and organizations with a limited public beta release of GitHub Copilot Chat for all business users o

Data-driven insights At GitHub, we believe that data-driven insights are the keys to success for any software development project. Understanding the health and progress of your issues, pull requests, and discussions is crucial for effective collaboration, maintainership, and project management. That is why we’re excited to announce the release of the Issue Metrics GitHub Action, a powerful tool th