GitHub now sends Dependabot alerts for vulnerable Actions

GitHub has announced that it will begin sending Dependabot alerts when it detects vulnerable GitHub Actions.

GitHub Actions makes it easy for developers to automate their workflows. Dependabot, meanwhile, automatically updates dependencies to keep your projects secure.

When an Action vulnerability is discovered, GitHub’s team of security researchers will create an advisory to document it. Following the creation of an advisory, Dependabot alerts will be sent to impacted...

GitLab pivots on decision to wipe dormant projects

GitLab appears to have pivoted on a decision to automatically wipe dormant projects.

On Thursday, The Register reported that GitLab planned to delete projects that have been inactive for a year and are owned by free users. The policy was due to come into effect in late September.

GitLab is said to have estimated the policy would save it up to $1 million a year. However, following the report, GitLab’s technically unannounced policy received significant...

SFC urges developers to quit GitHub

The SFC (Software Freedom Conservancy) has quit GitHub and urges other developers to follow.

SFC is a non-profit that aims to provide a home and services to Free, Libre, and Open Source Software (FLOSS) projects.

On Thursday, the SFC posted a blog post criticising the dominant role that GitHub has established in FOSS development.

In the post, Bradley Kuhn, SFC policy fellow, and Denver Gingerich, SFC FOSS license compliance engineer, highlighted the dangers of...

GitHub’s Mermaid support enables developers to quickly create diagrams

GitHub has added native support for Mermaid—enabling developers to quickly generate diagrams.

According to GitHub, both open-source and enterprise developers see a productivity boost of around 50 percent when provided with detailed documentation. Rich, visual formats often help to better present information.

Last month, GitHub added support for .svg files to comments in issues, PRs, discussions, and Markdown files like READMEs. However, GitHub says that it recognises...

GitHub incentivises open-source investments with sponsor-only repos

GitHub is launching private repositories that only sponsors have access to, helping to incentivise open-source investments.

Open-source mostly relies on developers voluntarily giving up their time to build and improve projects. Priority is naturally given to work that helps to keep a roof over their heads and food on the table—meaning that open-source projects can be underdeveloped at best or be left with devastating vulnerabilities at worst.

A growing number of...

GitHub launches preview of improved code search

GitHub is making significant improvements to its code searching experience and has launched a technology preview for an early peek.

The current search index covers more than five million of the most popular public repositories. In addition, developers can also search any private repositories they have access to.

GitHub recommends trying five search functions to see how they could improve your workflow:

Try a simple search and see how the smart ranking and...

GitHub Octoverse 2021: Developer diversity is increasing, code is shipping faster than ever

The 2021 edition of GitHub’s annual Octoverse report highlights a welcome increase in the diversity of the developer community alongside many other interesting trends.

According to the report, almost 60 percent of active GitHub users are now distributed outside North America. The world’s largest repo service is seeing the fastest user growth in Indonesia, Brazil, India, Russia, Japan, Germany, Canada, the UK, and China.

Developers are both writing and shipping code...

Linus Torvalds: GitHub creates ‘absolutely useless garbage’ merges

Linux and Git creator Linus Torvalds has criticised GitHub for creating “absolutely useless garbage merges”.

Torvalds’ comment can be viewed in an archive of a Linux development mailing list and was directed at Konstantin Komarov, Founder and CEO of Paragon Software, about the submission of its read-write NTFS driver for the upcoming 5.15 kernel.

“github creates absolutely useless garbage merges, and you should never ever use the github interfaces to merge...

GitHub ‘sincerely apologises’ to Jewish employee fired over Nazis remark

GitHub has issued a public apology directed at a Jewish employee who was fired after making remarks about Nazis.

Following the US Capitol attack from groups with known associations to Nazis and other white supremacists, the employee posted in an internal Slack channel: “Stay safe homies, Nazis are about."

A co-worker complained about the comment–-calling it “untasteful conduct” and not how to describe the rioters.

Speaking to TechCrunch under conditions...

GitHub CLI 1.0 enables a full repo workflow from the terminal

GitHub CLI, a tool for bringing full repo functionality to your terminal, has reached its first stable version after a very successful beta.

“Developers spend a lot of time in their terminals, and our CLI helps to mitigate the frequent context switching between your terminal and GitHub.com,” says Amanda Pinsker, Product Designer at GitHub.

“Command-line tools enable developers to script nearly any action and automate their workflows, which in turn allows developers...