GitHub now serves over 100M developers

GitHub has achieved its goal to serve 100 million developers with two years to spare.

In 2019, GitHub set a goal to have 100 million developers using the service by 2025. In a blog post, GitHub announced that it’s already reached that historic milestone.

GitHub CEO Thomas Dohmke wrote:

“Today, I’m excited to share that there are now officially more than 100 million developers using GitHub to build, maintain, and contribute to software...

GitHub is ending Sponsors payments via PayPal

GitHub has announced that it’s ending the ability for Sponsors to make payments via PayPal.

In a statement, GitHub wrote:

“Starting on February 23, 2023, GitHub Sponsors will no longer support PayPal as a payments processor. As such, it will no longer be possible to sponsor individuals or organizations using PayPal.

If you are sponsoring anyone on GitHub using PayPal, please update your GitHub payment method to pay by credit or debit...

Hackers compromised Okta’s private GitHub repos

Okta says hackers compromised its private GitHub repos earlier this month and stole its source code.

BleepingComputer got hold of a “confidential” email notification sent by Okta to its “security contacts” about the breach.

The Identity and Access Management (IAM) solutions leader says GitHub alerted Okta to the suspicious access earlier this month.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” wrote...

GitHub Copilot will enable developers to code using their voice

A new GitHub Copilot feature will enable developers to code using their voice.

Copilot was introduced last year and uses AI to help speed up mundane coding tasks by suggesting how to complete lines.

Behind the Copilot feature is an AI model developed by OpenAI called Codex. OpenAI claims that Codex has a broad knowledge of how people use code and is “significantly more capable than GPT-3” in generating code.

Microsoft-owned GitHub announced at its annual...

GitHub now sends Dependabot alerts for vulnerable Actions

GitHub has announced that it will begin sending Dependabot alerts when it detects vulnerable GitHub Actions.

GitHub Actions makes it easy for developers to automate their workflows. Dependabot, meanwhile, automatically updates dependencies to keep your projects secure.

When an Action vulnerability is discovered, GitHub’s team of security researchers will create an advisory to document it. Following the creation of an advisory, Dependabot alerts will be sent to impacted...

GitLab pivots on decision to wipe dormant projects

GitLab appears to have pivoted on a decision to automatically wipe dormant projects.

On Thursday, The Register reported that GitLab planned to delete projects that have been inactive for a year and are owned by free users. The policy was due to come into effect in late September.

GitLab is said to have estimated the policy would save it up to $1 million a year. However, following the report, GitLab’s technically unannounced policy received significant...

SFC urges developers to quit GitHub

The SFC (Software Freedom Conservancy) has quit GitHub and urges other developers to follow.

SFC is a non-profit that aims to provide a home and services to Free, Libre, and Open Source Software (FLOSS) projects.

On Thursday, the SFC published a blog post criticising the dominant role that GitHub has established in FOSS development.

In the post, Bradley Kuhn, SFC policy fellow, and Denver Gingerich, SFC FOSS license compliance engineer, highlighted the dangers of...

GitHub will mandate 2FA to help secure the software supply chain

GitHub will require all users who contribute code on the platform to use 2FA as part of its latest security improvements.

Attacks on the software supply chain are on the increase. GitHub, which has over 83 million code-contributing users, is stepping up to the plate to protect developers and the software supply chain with this major policy change announcement.

“At GitHub, we believe that our unique position as the home for all developers grants us both an opportunity...

GitHub notifies victims of OAuth token theft

GitHub is notifying known victims of an ongoing attack using stolen third-party OAuth user tokens.

OAuth user tokens maintained by Heroku and Travis CI were stolen and abused by an unauthorised party to download data from dozens of organisations, including npm.

Mike Hanley, Chief Security Officer at GitHub, wrote in a blog post:

“We have high confidence that compromised OAuth user tokens from Heroku and Travis-CI-maintained OAuth applications were stolen and...

GitHub’s Mermaid support enables developers to quickly create diagrams

GitHub has added native support for Mermaid—enabling developers to quickly generate diagrams.

According to GitHub, both open-source and enterprise developers see a productivity boost of around 50 percent when provided with detailed documentation. Rich, visual formats often help to better present information.

Last month, GitHub added support for .svg files to comments in issues, PRs, discussions, and Markdown files like READMEs. However, GitHub says that it recognises...