Nested teams in GitHub don't give you the control you think they do (2 mins read).
Some pain points when using nested teams on GitHub.
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
A GoLang HTTP RoundTripper that handles GitHub API secondary rate limits - gofri/go-github-ratelimit
HTTP Round Tripper for GitHub Apps - Authenticate as an Installation Workflow - bradleyfalzon/ghinstallation
Now is an excellent time to visit https://github.com/settings/applications Revoke all those unused and unloved applications which have access to your GitHub account.
Pushing code to GitHub is one of the most fundamental interactions that developers have with GitHub every day. Read how we have significantly improved the ability of our monolith to correctly and fully process pushes from our users.
Don't let the unexpected derail your projects. Read our guide on embracing uncertainty in software development and unlock new possibilities. Everything you need to know about securing the software supply chain.
Calculating the GitHub API's sha representation of a local file (2 mins read).
How to locally calculate the same sha of a given file, so you can compare it against the GitHub API's representation.
Responsible Disclosure: Using GitHub Search (without logging in using SSO) still allows searching (4 mins read).
Reporting on a HackerOne responsible disclosure that I found in GitHub, where you could exfiltrate data without signing in to GitHub SSO.
Very excited to announce that @lornajane and I are running a new @openuk Meetup that's digital-only, alongside the other great events being run by the #OpenUK organisation.
Our first event will be a tie-in with #GitHub's #MaintainerMonth and we'll be hearing from a number of excellent maintainers from a variety of projects - stay tuned for more details.
Looking forward to seeing some of y'all on May 22nd at 1200 noon (UK time) for an interesting webinar!
(This will be in addition to other OpenUK events still being hybrid where possible)
GitHub relaxing the requirement of the construction of the GitHub App's JWT (under private_key_jwt) is interesting, especially if now you don't need to know the installation ID to auth.
Presumably this also means that on GitHub's side they're still limiting access to repos that an installation has access to, but I'd have assumed that by doing it by installation ID you'd get additional checks
(I'd been lazy in the past and would rarely persist the installation ID, needing me to then go in and find it through the GitHub UI 😅)
Automating the syncing of files between repos with GitHub Actions (2 mins read).
Creating a GitHub Action workflow to periodically update vendored files which are out-of-sync between GitHub repos.
Everything you need to know about securing the software supply chain.
Discover how keeping repository maintainer information accurate through CODEOWNERS files and automating maintenance with tools like cleanowners fosters efficient collaboration and sustainable software projects.
github tip: you can use "redirect.github.com" when referencing an issue/PR from another repo inside an issue/PR in your repo this will avoid your issue getting backlinked into the other repo's issue, reducing noise. example: "github.com/nodejs/node/6969" becomes: "redirect.github.com/nodejs/node/6969"
Using renovate-to-sbom with the GitHub Dependency Submission API (4 mins read).
How to improve the data in GitHub's Dependency Graph by using an SBOM produced by Renovate data.
Comparing the different Merge Request / Pull Request merge methods in GitLab and GitHub (2 mins read).
How the different merge methods for contributions work between GitLab and GitHub.
When contributing to other users’ repositories, always start a new branch in your fork.
Ha, did not realize that with Microsoft's acqi of GitHub, they pushed it into so many government and enterprise spaces a lot more quickly. Probably why the leadership team there caved to Microsoft, it was more money.
The new #github based on #react is an abject failure to improve the user experience. On every count it is objectively worse than previous iterations. Page load time is poor, interactivity is gated seemingly on very large JS loads. Initial page layout is broken on mobile and randomly resizes the width of the viewport after loading. The number of micro-annoyances seem to be adding up daily. This is like an object lesson in what not to do to your successful webapp.
Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers.
dependency-management-data now supports Software Bill of Materials (SBOMs) and has better Dependabot support (2 mins read).
Announcing improved support for Dependabot and support for Software Bill of Materials (SBOMs).
Prefer using the GitHub Software Bill of Materials (SBOMs) API over the Dependency Graph GraphQL API (2 mins read).
Why you should use GitHub's Software Bill of Materials API instead of the Dependency Graph GraphQL API.
Setting up real-time Slack notifications for GitHub (1 mins read).
How to get Slack's real-time notifications integrated with GitHub.
Researchers from Purdue and NCSU have found a large number of command injection vulnerabilities in the workflows of projects on GitHub. Follow these four tips to keep your GitHub Actions workflows secure.
GitHub switched to performing merges and rebases using merge-ort. Come behind the scenes to see why and how we made this change.
Merging a branch in GitHub - the hard way (4 mins read).
How to (kinda) merge two branches in GitHub using the underlying Git database API.
GitHub recently experienced several availability incidents, both long running and shorter duration. We have since mitigated these incidents and all systems are now operating normally. Read on for more details about what caused these incidents and what we’re doing to mitigate in the future.
Getting the commit author details for a GitHub App account (1 mins read).
How to retrieve the git commit author details for a given GitHub App.
A few thoughts on GitHub’s practice of keeping their code synchronized with Rails main.
Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily. We deploy as often as 20 times a day, and nearly every week one of those deploys is a Rails upgrade. Upgrading Rails weekly Every […]
Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside policies, for a well-governed experience with GitHub Actions.
I've been using GitHub since I was eleven years old. To be fair, I didn't really understand git at the time, but I was able to fumble my way through it...
This is cool, I've been considering what the process is for setting one of these up recently
We are open sourcing our own OSPO policies, tools, and guides to help other OSPOs get started. See how you can get started. github.blog/2023-03-13-an-… (GitHub (@github), Fri, 31 Mar 2023 12:07 +0000)
Checking if files are synced between repos with GitHub Actions (2 mins read).
Creating a GitHub Action workflow to indicate when vendored files are out-of-sync between GitHub repos.
Getting a GitHub App installation token on the command-line (2 mins read).
How to get a GitHub App installation token (using Typescript) for a given installation.
Listing the status of your branch protection in GitHub (1 mins read).
Creating a command-line Go tool to list the branch protection status of your repositories.
Performing bulk changes across Git(Hub) Repos with Turbolift and Microplane (4 mins read).
Using Turbolift and Microplane to enact changes across many Git(Hub) repositories.
GitHub Actions has supported using OIDC tokens for about 15 months now. It is a much better way of providing AWS credentials to workflows than creating IAM users and storing long-lived access keys in GitHub Actions secrets.
Enabling/Disabling GitHub Issues via the GitHub API (1 mins read).
How to use the GitHub API to update whether Issues are enabled on a given repo or not.
https://github-contributions.vercel.app/ Is really neat - renders a single image with your entire GitHub contribution history, mine goes all the way back to 2008!
The GitHub CODEOWNERS file validator. Contribute to mszostok/codeowners-validator development by creating an account on GitHub.
this new github font is ace (https://bell.bz/@andy/109506410817881263)
Prefilling OAuth2 scopes for GitHub Personal Access Tokens (1 mins read).
How to make it easier to set up your OAuth2 scopes on a Personal Access Token with GitHub.