GitHub suffers from over 100K infected repos

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code.

This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised.

Similar to dependency confusion attacks – which exploit package managers – repo confusion attacks rely on human error,...

GitLab pivots on decision to wipe dormant projects

GitLab appears to have pivoted on a decision to automatically wipe dormant projects.

On Thursday, The Register reported that GitLab planned to delete projects that have been inactive for a year and are owned by free users. The policy was due to come into effect in late September.

GitLab is said to have estimated the policy would save it up to $1 million a year. However, following the report, GitLab’s technically unannounced policy received significant...

GitHub incentivises open-source investments with sponsor-only repos

GitHub is launching private repositories that only sponsors have access to, helping to incentivise open-source investments.

Open-source mostly relies on developers voluntarily giving up their time to build and improve projects. Priority is naturally given to work that helps to keep a roof over their heads and food on the table—meaning that open-source projects can be underdeveloped at best or be left with devastating vulnerabilities at worst.

A growing number of...

GitHub launches preview of improved code search

GitHub is making significant improvements to its code searching experience and has launched a technology preview for an early peek.

The current search index covers more than five million of the most popular public repositories. Developers can also search any private repositories they have access to.

GitHub recommends trying five search functions to see how they could improve your workflow:

Try a simple search and see how the smart ranking and...

Travis CI flaw exposed thousands of open-source projects’ secrets

A flaw in popular software testing tool Travis CI exposed the secrets of thousands of open-source projects.

Travis CI is a hosted continuous integration service used to build and test software projects hosted on GitHub and Bitbucket.

For at least a week – between 3 and 10 September – open-source repos that used Travis CI had their keys, credentials, and tokens exposed.

Ethereum developer Felix Lange discovered a flaw with how Travis CI handled environmental...

GitHub Discussions exits beta to help boost developer communities

GitHub’s collaboration-driving feature Discussions is exiting beta to help developer communities thrive.

Discussions enable developers to make repos fun, collaborative, and engaging spaces with features like the ability to pin big announcements, label discussions, mark the most helpful answers, personalise categories, and respond on-the-go via mobile.

Later this year, GitHub will be adding two more features:

Ask your community with polls. With the new Polls...

GitHub ‘sincerely apologises’ to Jewish employee fired over Nazis remark

GitHub has issued a public apology directed at a Jewish employee who was fired after making remarks about Nazis.

Following the US Capitol attack from groups with known associations to Nazis and other white supremacists, the employee posted in an internal Slack channel: “Stay safe homies, Nazis are about.”

A co-worker complained about the comment, calling it “untasteful conduct” and not the way to describe the rioters.

Speaking to TechCrunch under conditions...

GitHub is restored in Iran after US gov permits sanctions exemption

GitHub is fully restored in Iran after the US government granted the Microsoft-owned firm an exception to sanctions.

“All developers should be free to use GitHub, no matter where they live,” wrote GitHub in a blog post.

“At the same time, GitHub respects and abides by US law, which means government sanctions have limited our ability to provide developers in some countries the full range of GitHub services.”

GitHub ceased most operations in North Korea,...

State of the Octoverse 2020: Devs increase productivity despite pandemic

GitHub’s latest State of the Octoverse has been released, offering developer insights for a year which has been unlike any other.

Fortunately, software development is one industry which could adapt quickly to the unique circumstances brought about by the pandemic. Many developers already work remotely so, for some, minimal-to-no changes were required to their working habits during lockdowns.

56 million developers used GitHub in 2020—making over 1.9 billion...

GitHub CLI 1.0 enables a full repo workflow from the terminal

GitHub CLI, a tool for bringing full repo functionality to your terminal, has reached its first stable version after a very successful beta.

“Developers spend a lot of time in their terminals, and our CLI helps to mitigate the frequent context switching between your terminal and GitHub.com,” says Amanda Pinsker, Product Designer at GitHub.

“Command-line tools enable developers to script nearly any action and automate their workflows, which in turn allows developers...