Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.
Home / Latest
The latest blogs from GitHub
Explore the latest blogs from GitHub on all things software development from the newest capabilities on the GitHub platform to research and insights—and guides to help you level up your engineering skills.
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.
GitHub for Beginners: How to get LLMs to do what you want
Learn how to write effective prompts and troubleshoot results in this installment of our GitHub for Beginners series.
5 GitHub Actions every maintainer needs to know
With these actions, you can keep your open source projects organized, minimize repetitive and manual tasks, and focus more on writing code.
How engineers can use one-on-ones with their manager to accelerate career growth
Go beyond status updates and use these meetings to surface challenges, solve problems, and drive impact.
Mastering GitHub Copilot: When to use AI agent mode
Discover the differences between agent mode and Copilot Edits with GitHub Copilot—and when to use them in your workflows.
A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
World Water Day: how GitHub Copilot is helping bring clean water to communities
From simplifying the workflow of a developer to having an impact on the global water crisis, technology and AI are reshaping the way charity: water works.
Video: How to create checklists in Markdown for easier task tracking
Ever wondered how to create checklists in your GitHub repositories, Issues, and PRs? Make task lists more manageable in your GitHub repositories, issues, and pull requests.
IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions
A look into building IssueOps workflows on GitHub to do everything from CI/CD to handling approvals and more.
GitHub for Beginners: Essential features of GitHub Copilot
Get the most out of Copilot with code completion, inline chat, slash commands, Copilot code review, and more.
Highlights from Git 2.49
The open source Git project just released Git 2.49. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.
How GitHub engineers learn new codebases
Strategies to quickly get up to speed, whether you’re a seasoned engineer or a newcomer to the field.
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
GitHub Availability Report: February 2025
In February, we experienced two incidents that resulted in degraded performance across GitHub services.
Why Java endures: The foundation of modern enterprise development
For 30 years, Java has been a cornerstone of enterprise software development. Here’s why—and how to learn Java.
Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.
4 steps toward building an open source community
Three maintainers talk about how they fostered their open source communities.
Video: How to run dependency audits with GitHub Copilot
Learn to automate dependency management using GitHub Copilot, GitHub Actions, and Dependabot to eliminate manual checks, improve security, and save time for what really matters.
Not just for developers: How product and security teams can use GitHub Copilot
GitHub Copilot isn’t just for developers! Discover how product managers, security professionals, scrum masters, and more use GitHub Copilot to streamline tasks, automate workflows, and boost productivity across teams.
Finding leaked passwords with AI: How we built Copilot secret scanning
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
