Game Off, our annual game jam returns in November

GitHub Game Off 2017

Game Off—our fifth annual game jam returns in just two weeks!

A game jam is a hackathon for creating video games. Although most game jams run for 24-72 hours, the Game Off runs for the entire month of November. You'll have 30 days to create a game inspired by or loosely based on a theme that we'll announce Wednesday, November 1, at 13:37 pm PDT.

As always, you're encouraged to use open source game engines, libraries, and tools, but you're free to use any technology you want. It's a perfect excuse to experiment with something new, too.

This year, the Game Off will take place on–an open marketplace for indie game developers and platform for running game jams among other things. Best of all, this year, you'll be the judging the entries.

We'll announce all the latest updates on our blog and Twitter account. Stay tuned and follow along with the #GitHubGameOff hashtag!

Join the jam on today

GLHF! We can't wait to see play what you make <3

Doubling Bug Bounty rewards

Hack the World 2017

We're coming up on four years since the Bug Bounty program was first announced. A lot has changed in that time, and we constantly try to keep our reward structure inline with top security bug bounty programs. We're excited to announce that starting today we're doubling our payout amounts, bringing the minimum and maximum payouts to $555 and $20,000, respectively. This means that any report eligible for a bounty will be met with at least a $555 reward. This doesn't mean we're raising the bar for what is considered a valid report, we're simply raising the payouts.

This bump to our payouts aligns with Hack the World, an annual hacking competition by HackerOne, which kicked off this morning and runs until November 18th. During this time participants compete against each other to find the most security vulnerabilities across all sites on HackerOne's platform. We're one of the sponsors, which means hackers will be rewarded with twice the reputation points on HackerOne when finding bugs on GitHub over the next month! As an additional incentive, we will also be rewarding all valid submissions with free unlimited private repositories for life. The increased bounty payouts are here to stay, but unlimited private repositories will only rewarded on reports submitted on or before November 18th!

Ready to compete? Submit all reports to our Bug Bounty program. For more details on the competition, please visit the Hack the World website.

Get started with Hacktoberfest

Get started with Hacktoberfest

If you're an open source maintainer, it's time to get your repository ready for Hacktoberfest.


Communities grow during Hacktoberfest. Just ask Peter Tseng, now a core contributor of Exercism, which he found during Hacktoberfest. He said, "[it] was my first time being an open source maintainer (not counting projects in which I'm the only contributor)... I've learned a lot about working with others from that."

Home Assistant also received almost 250 pull requests last year. That's significant impact for one repository—not to mention the 92,259 other PRs that were opened across 29,287 other repositories.

How to get started

Below are a few highlights from our Open Source Guides to help get you set up.

1. Run some maintenance on your documentation

Remove barriers from anyone who wants to get started quickly and add some clarity so that their contributions meet expectations.

  • Add a README that helps people understand why your project matters and what your users can do with it. See an example template.
  • Encourage contributions by including a file that explains your expectations for a submission and how to best participate in your project. Try this template, for example.
  • Identify the ground rules for contributor behavior, and facilitate a healthy and constructive community by adding a Code of Conduct, for example the Contributor Covenant.
  • Add a license to tell others what they can and can't do with your source code. A lot of open source projects use to confirm the best one for their project.
  • Provide an issue template that supports new contributions by outlining your expectations. Start with this example Template from Hoodie.

2. Increase your searchability

You want to make it easy for the right people with the right skills to find you, right?

  • If any and all community contributions are welcome, add #Hacktoberfest to your repository's topics, located directly under your repository description.
    • Add more topics to the repository. You can do this for languages, project types (games, web design, app, etc), and other skills that appeal to broad ability sets.
  • To accomplish specific goals on open tasks, create a Hacktoberfest label for your Issues and Pull Requests.
    • Don't forget to assign the Hacktoberfest label to any open Issues and PR's that welcome community contributions after creation.

If you receive “spammy” pull requests, please let us know by applying the “invalid” label.

And that's it! Happy Hacking. 🎃

Mission report: GitHub Universe 2017


This week, more than 1,000 developers from around the world joined us at Pier 70 in San Francisco for our flagship conference. We learned new skills in workshops, heard from industry experts about the future of software development, and explored new GitHub products powered by the world’s largest collection of open source data.

Here’s a look back at who came, what they saw, and how they conquered this Universe.

GitHub Universe 2017

What’s new in the GitHub universe

We kicked off the first day of the conference with an opening keynote and product updates from GitHub CEO Chris Wanstrath, Data Engineering Manager Miju Han, and Platform Engineering Manager Kyle Daigle.

They introduced new experiences that can help you protect your code and discover relevant projects:

  • Keep track of the projects your code depends on with the new dependency graph (and soon, you’ll get security alerts and suggested fixes from your dependency graph)

  • Find hand-picked resources and projects like yours with Explore

  • Get smart recommendations from your new “Discover repositories” feed

And we shared a data-filled review of the projects, people, and teams of 2017 (and the last ten years) that you can explore further in this year’s Octoverse.

See all of the updates


From Felipe Hoffa’s exploration of what we learn from 42 TB of Google code to Flora Dai’s search for efficient music discovery at Pandora, the 40 sessions that followed introduced new ideas from unexplored parts of the software universe.


Attendees who made it to the workshops got a full day of hands-on building with leading technologies and concepts, taught by the people who know them best. They built new Electron apps, learned new command line tricks, and discussed how to make their teams more inclusive in an inspiration-rich gallery space.

After Party

We wrapped up the first day of the conference with a benefit concert supporting Maven—our nonprofit partner that empowers LGBTQ youth to network, organize, and build tech solutions for social change—on National Coming Out Day. Our headliner, Neon Trees, played their hits as more of the community met each other over food truck bites and drinks at Mezzanine.


Our business and community sponsors kept the recharge power, waffle cones, cold brews, juice, and inspiration flowing throughout the event. Universe wouldn’t be possible without the imaginations and contributions from these organizations.

Universe sponsor logos

Thank you, GitHub community

Thanks for being part of 1.5 billion commits over the last decade together and for helping our third Universe take flight. If the last ten years are any indication, we’ve got a lot to look forward to. See you next year at Universe or at an event near you!

Level up your workflow with these new Marketplace Apps


We're welcoming four new apps to GitHub Marketplace—built to help you review, secure, and monitor your code.

Code review

AccessLint brings automated web accessibility testing into your development workflow. When a pull request is opened, AccessLint reviews the changes and comments with any new accessibility issues, giving you quick, timely, and targeted feedback, before your code goes live.

Dependency management

Dependabot helps you keep your Ruby, JavaScript, Python, and PHP dependencies up-to-date. Every day, Dependabot pulls down your dependency files and looks for any outdated requirements. If dependencies are out-of-date, it opens individual pull requests so they can be updated.

Greenkeeper brings safety and consistency to npm with real-time monitoring and automatic update testing for your dependencies. It acts as a friendly bot that sends you informative, actionable pull requests and issues so you can easily keep your software up-to-date and in working condition.


LogRocket lets you replay problems as if they happened in your own browser. Instead of guessing why errors happen or asking users for screenshots and logs, LogRocket provides you with a video recording of exactly what the user saw, along with console logs, network requests, and application states so you can quickly pinpoint what went wrong.

We’re excited to keep giving developers the tools they need to build software and the flexibility to evolve their workflows as their needs change. Discover new tools on GitHub Marketplace and integrate them into your workflow in minutes.

GitHub now works directly with AWS CodeStar

GitHub and AWS

From code review and project management to deployment and monitoring, you can choose the exact tools your workflow needs among hundreds of apps and services available on the GitHub platform.

Now it’s easier to connect GitHub to your deployment system of choice with AWS CodeStar's new integration. Use GitHub directly within AWS CodeStar’s continuous integration and continuous deployment (CI/CD) toolchains, and manage your software release workflow including code commits, builds, and deployments for AWS applications in one place.

Each AWS CodeStar project template provides you with the option to use GitHub as your version control system for the software projects you build with AWS.

GitHub in AWS interface

When you create a new project with AWS CodeStar and GitHub, you’ll also be able to centrally track commits, issues, and pull requests from a single dashboard—making it easy to manage project activity across your CI/CD toolchain and simplify project management for your AWS applications.

AWS and GitHub integration

Start building with GitHub and AWS CodeStar today. And stay tuned for more integrations that bring together your favorite software development tools.

Connect GitHub and AWS CodeStar

A more connected universe

universe october 11-12

Almost a decade ago, GitHub was created as a place for developers to work together on code. Now, millions of people around the world use our platform to build businesses, learn from each other, and create tools we’ll use for decades to come. Together, you’ve shown that some of the most inventive, impactful things happen when curious and creative people have a space to work together.

Today, at GitHub Universe, we shared plans to build on our ten years of experience and 1.5 billion commits. We've taken the first step toward using the world's largest collection of open source data to improve the way we collaborate with these new experiences.

Watch GitHub Universe

Protect code with your dependency graph and security alerts

There are millions of open source projects on GitHub. If you build software, your code likely depends on at least one of those projects. Now, our data can help you manage increasingly complex dependencies and keep your code safer as you work on connected projects—even for private repositories.

Dependency graph

The new dependency graph gives you insight into the projects your code depends on and projects that depend on your code. Now you can see all of the packages and applications you're connected to, without leaving your repository. Your graph currently supports Ruby and JavaScript, and Python support is on the way!

Learn more about your dependency graph

Security alerts (coming soon)

Soon, your dependency graph will be able to track when dependencies are associated with public security vulnerabilities. We’ll notify people who have access when we detect a vulnerability, and in some cases, suggest a known security fix from the GitHub community.

Security alerts are the first in what we hope will be a robust collection of tools to keep your code safe, and we need people who build on our APIs to help us make them even better—and to keep security data current for the community. We can't wait to see what you can do!


Discover new projects with news feed and Explore

With more than 25 million active repositories on GitHub, there are new ways to get involved in projects and communities every day. We have two improved experiences that will help you find the ones you’re interested in.

News feed

Your updated news feed connects you with opportunities to explore and expand your corner of GitHub like never before.

Behind the new “Discover repositories” feed on your dashboard, you’ll see recommendations for open source projects to explore. These recommendations are tailored to you based on people you follow, repositories you star, and what’s popular on GitHub.

You're in control of the recommendations you see: Want to contribute to more Python projects? Star projects like Django or pandas, follow their maintainers, and you'll find similar projects in your feed. You can also dismiss any updates you're not interested in, and you'll see less like those in the future. The “Browse activity” feed in your dashboard will continue to bring you the latest updates directly from repositories you watch and people you follow.


Discover new projects


We’ve completely redesigned the Explore experience to connect you with curated collections, topics, and resources from GitHub contributors around the world.

Collections are hand-picked resources from the GitHub universe and beyond. Browse collections to learn about ideas that interest you, like machine learning or game development, and find repositories and organizations that help you dig deeper.

Topic pages help you find projects related to technologies, languages, frameworks, or platforms—thanks to the GitHub community’s topic tags. Use topic pages to find all Android or CSS projects for example, and suggest edits to topic pages in our public repository.


Start exploring

Other ways to connect

We're also introducing Premium Support for GitHub Enterprise, and we'll be introducing a new Community Forum, Marketplace trial program, and team discussion tool soon.

See what else is new

This is just the beginning

These experiences are a first step in using insights to complement your workflow, but there’s so much more to come. With a little help from GitHub data, we hope to help you find work you're interested in, write better code, fix bugs faster, and make your GitHub experience totally unique to you.

We can’t wait to get building, and more importantly, see what you build when you have all of the right tools and people behind you.

Today’s launches wouldn’t be possible without all of your work on open source projects over the last decade. The future of GitHub is in the hundreds of millions of commits you’ve already made. Thanks for everything you've contributed so far.

Want to see all of the work you’ve been a part of? See our community’s year in data:

Explore Octoverse

Webcast recap: Driving secure, collaborative development

webcast blog image

Security is an essential part of any engineering organization—especially in regulated industries, like automotive.

In our recent webcast, "Driving secure, collaborative development", GitHub Solutions Engineer Phil Holleran walked through GitHub features that can make your security and compliance workflows less painful. Here are some key takeaways and a link to watch the recording.

Watch the webcast

Secure accounts and organization

Simple as it may sound, enforcing multi-factor authentication (MFA) across your organization is an easy way to avoid security vulnerabilities and outsider access. It’s also important to periodically audit the other ways people in your organization can authenticate and deploy. Occasional reviews help you check if the applications and keys are still in use, and if your users have successfully authorized them to act on their behalf.

Secure applications and integrations

Personal access tokens and OAuth applications can present security challenges with complex permissioning. Use GitHub Apps to eliminate the need for machine users, and only grant access to the people who need it.

Secure code

With GitHub branch protection, protect your code from unwanted modifications by preventing force pushes (and deletion) and requiring code reviews. With the new code owners feature in GitHub, you can easily automate the assignment of reviewers.

To learn more, watch the recording.

Check out other webcasts

Diversity and inclusion at GitHub Universe

universe october 11-12

Universe is just around the corner and we wanted to take one more opportunity to acknowledge our 2017 Community Partners. The following incredible organizations were kind enough to assist with scholarship ticket distribution this year and we are looking forward to seeing them at the conference this week.

Last month, we reached out to our Community Partners and asked them to share why diversity and inclusion matters to them—here are some of their responses.

"If technology is going to be used to solve some of the problems facing society today, the people who have experienced these issues firsthand must be on the development teams. Diversity and inclusion must encompass all things—not just race, gender, sexual orientation, age, and educational background. It must include the various backgrounds and life experiences that make up our society."

  • Victoria Westbrook, Program Graduate and Director of Programs and Operations at Code Tenderloin

"We all benefit when we use everyone's talents to make the world a better place. The more awesome people we have working on the world's hardest problems, the better."

  • Makinde Adeagbo, Founder and CEO of /dev/color

"Older Women Coders recognizes the inherent value in older STEM workers. We know that older STEM workers are an underserved market because our own needs are not being met."

  • Julee Burdekin, Older Women Coders

“We believe that the difference that many refer to as a "technical mindset" versus a "non-technical" mindset is primarily cultural. Operation Code works to bridge that cultural gap with a welcoming environment and a friendly community.”

  • Conrad Hollomon, Operation Code

“It’s been proven that focusing on diversity and inclusion creates space for more voices to share knowledge, create ideas and thus solve problems better. That’s why we’re excited to attend the Github Universe conference, where there’s a focus on making sure those from diverse backgrounds have the opportunity to learn, have their opinions matter, and solve problems with the best engineers in the universe.”

  • Albrey Brown, Director of Diversity and Inclusion at Hack Reactor

We’re beyond excited to see these organizations represented at GitHub Universe. If you weren't able to buy your ticket, there are a few ways for you to join us remotely. Watch from a viewing party in Berlin, London, or Paris—or tune into the livestream at

Release Radar · November 2017

GitHub Release Radar October 2017 Edition

We’re kicking off Cyber Security month with a few projects to help up your security game with the tools and know-how to protect yourself from common vulnerabilities.

These are the new projects and releases on our radar built to keep your code safe from across the GitHub community, help you work more efficiently, and have some fun with quadrotors.

Brakeman 4.0.0: Guard your Rails apps from threats

Brakeman is an open source static analysis tool that checks for security vulnerabilities in Ruby on Rails applications. It can guard against common web vulnerabilities like SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, and more.

Installation is simple. Run brakeman against your Rails app, and guard against Little Bobby Tables and friends:

Possible SQL injection near line 1337:
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))

OWASP Juice Shop 5.0.0: Discover new vulnerabilities

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript covering the OWASP Top Ten and other severe security flows. The release notes introduce some of the new features and challenges like the NoSQL Injection challenge.

OWASP Juice Shop 5.0.0

Why not level up your web security skills or host a Capture the Flag (CTF) event? OWASP Juice Shop is easy to install on Windows/MacOS/Linux. Choose from Node.js, Docker, or Vagrant to deploy.

Speaking of Vagrant...

Vagrant 2.0: Create and configure lightweight development environments

Vagrant is a tool for building, maintaining, and distributing development environments running on local virtualized platforms like VirtualBox or VMware. Use Vagrant in the cloud via AWS or OpenStack—or in containers like Docker or raw LXC.

Find out more about in the Vagrant 2.0 annoucement.

Vagrant 2.0

Did you know: Since the project began more than seven years ago, 750 contributors have helped move it forward.

Stories Untold Update #3: An experimental text adventure

In Stories Untold, viruses and cybersecurity are the least of your worries. This award-winning game from No Code Studio is a compilation of experimental text adventure games that'll have you on the edge of your seat.

The latest release fixes a number of bugs and introduces support for macOS.

Did you know: Stories Untold started out as game jam entry for the Ludum Dare competition. The first episiode, originally called House Abandon, was built in a single weekend by just two people.

Voyager 1.0: Get help with administrative tasks

Voyager is an Admin Package for Laravel to enable CRUD tasks (creating, replacing, updating, or deleting) content. Well, they prefer BREAD (reading, editing, adding, and deleting content).

Read more in the 1.0 announcement blog post.

Voyager 1.0

AirSim 1.0: Experiment with AI

AirSim is an open source simulator for drones, cars, and more available as a plugin for Unreal Engine. Developed by Microsoft Research AI, AirSim is a platform to experiment with deep learning, computer vision, and reinforcement learning algorithms for autonomous vehicles. Find out more or read the recently-published paper from the Field and Service Robotics conference on their website.

AirSim 1.0

Did you know: Quadrotors were the first vehicles to be implemented in the platform, but there’s also support for self-driving cars—and you can take over the controls manually.

React v16.0: A JavaScript library for building user interfaces

React, a declarative JavaScript library for building component-based user interfaces for web and mobile recently released v16.0. This is the first version of React built on top of a new core architecture, codenamed “Fiber”. The v16.0 announcement post has all the details.

Installing or upgrading with Yarn is as easy as:

yarn add react@^16.0.0 react-dom@^16.0.0

Speaking of Yarn...

Yarn 1.0.0: Fast, reliable dependency management

Almost a year after it was initially released, the Yarn JavaScript dependency manager just hit 1.0.

At Facebook, Yarn has been adopted across many codebases including the main Facebook app and website, Instagram, Oculus, and WhatsApp. Yarn supports hundreds of thousands of package installs on our systems every day. It was designed to scale even when a project has hundreds or thousands of direct or transitive dependencies.

The 1.0 release introduces a number of new features like Workspaces, auto-merging of lockfiles, and a whole bunch of performance improvements and bug fixes to help developers move fast and ship software. Find out more in their blog post.

JGProgressHUD 2.0: Simple progress HUDs for iOS and tvOS apps

pProgressHUD  2.0

Build simple progress HUDs for iOS and tvOS apps with JGProgressHUD. It's simple to use, has customizable styles, and there are plenty of examples to play with. A little Swift can go a long way:

let hud = JGProgressHUD(style: .dark)
hud.textLabel.text = "Loading" self.view)
hud.dismiss(afterDelay: 3.0)

JGProgressHUD example

Speaking of Swift...

Swift 4.0

Congratulations to the Swift team and to all the contributors working on Swift 4.0! Find out more about the release in announcement blog post, or check it out for yourself in this Xcode playground showcasing the new features in Swift 4.0.

Thanks to everyone building projects that make our community great. Are you releasing something exciting soon? We'd love to help you celebrate! Send a note to

Project note summary cards bring more context into your boards

Now you can get a more complete overview of the work going into your project without leaving your project board. When you reference an issue or pull request in a note, you'll see a preview of the cross-referenced link in a summary card.

Example of project summary cards

Projects are a great way to organize tasks, but often those tasks have external dependencies to keep track of. Notes provide a way to add links to those external dependencies. Now, those references will bring valuable context like assignee, state, and labels right into view on the board.

You can add any issue or pull request on GitHub to your project by entering its URL into the note field. If it can be a first class card in the project, we'll convert it for you. If it's outside the scope of your project, you'll see the new summary card instead. This behavior is automatically applied to all notes, so there's nothing you need to do to upgrade your existing boards.

GitHub Universe is almost here


Our flagship conference is just a week away, and tickets are almost sold out! Don’t miss your chance to hear about some of our biggest product ships, learn from industry experts in over 40 breakout sessions, and support a great cause at the Universe After Party featuring Neon Trees.

Get tickets

Make this Universe yours

There’s something for everyone at our flagship community conference. If you can make it, here are a few events you might want to make part of your mission.

Executive keynotes at Pier 70

Get a closer look at new GitHub products and plans from Co-Founder and CEO, Chris Wanstrath, and SVP Technology, Jason Warner.

Ask GitHub

From using the command line to landing your dream job, experts from the GitHub Team are ready to help you do more. Just stop by the Ask GitHub area when you arrive!

The Universe After Party at Mezzanine

Support one of our closest nonprofit partners Maven—an organization that empowers LGBTQ youth to network, organize, and build tech solutions for social change—and celebrate with a set from our headliner, Neon Trees.

Check out the schedule

Watch where you are

If you can’t make it to San Francisco, we’re hosting viewing parties in three cities across Europe. Join developers in your community for the next best thing to being there.

Join a viewing party


Celebrate open source this October with Hacktoberfest

Hacktoberfest returns this October

Celebrate open source this October by participating in the fourth annual Hacktoberfest, a month-long celebration of open source software in partnership with DigitalOcean.

Last year, contributors from 114 countries submitted over 90,000 pull requests to all kinds of projects—everything from documentation tweaks and bug fixes to new features and performance improvements.

Some incredibly welcoming communities and projects like Home Assistant, the open source home automation platform, saw over five hundred contributions throughout the month. Some first time-contributors continued on projects and have gone on to become regular contributors and maintainers.

Home Assistant Hacktoberfest Tweet

Whether it's your first or four-hundredth contribution, we think everyone can get something out of Hacktoberfest—the thrill of committing to open source or the rush that comes with your first merged pull request, for example.

@AlexandraABowen Hacktoberfest Tweet

If that's not enough, consider the free limited-edition t-shirt you'll receive when you make four valid pull requests! Please visit the Hacktoberfest website for full details.

Free Hacktoberfest 2017 T-shirt for completing four pull requests

Connect with other participants, show the world your contributions, or just show off your new shirt with the #hacktoberfest hashtag on Twitter, Facebook, or Instagram. We love hearing about your first open source contributions 🎉

Don't know where to start? If you've got the skills and a little free time this October, there's an open source project that could use your help.

To participate, simply open a pull request and contribute to any open source project during the month of October. Fix a bug, add a feature, or even improve some documentation. You can find projects that need your help by searching the hacktoberfest label and filtering for your programming language of choice.

Learn more from the Hacktoberfest website

Inline comments in GitHub for Visual Studio

GitHub for Visual Studio 2.3 adds the ability to comment on pull requests directly from your IDE. Simply open a pull request in the GitHub pane in Visual Studio, and open a compare view, and you'll see existing comments right there in the editor. Click the icon in the margin to add new comments.

Inline comments using without leaving your IDE

The functionality is limited right now to adding single comments, but we're hoping to bring the whole GitHub review experience right into Visual Studio soon!

On top of that, we've shipped a whole bunch of new features and bugfixes. To find out more check out the release notes.

New in the GitHub Shop: Octocat laptop decals


Looking for a new way to protect your laptop and stand out from the crowd? We've got two new game-inspired decals that are ready to shield your laptop against unforeseen scratches. No need to thank Mona—she's just doing what she can to help you keep your laptop looking its best.

Shop the decals


Through thick and thin, you can count on this Vinyl Disorder decal to have your back—or at least the back of your laptop.

Choose from "Boxing Mona", ready to knock out tasks with a one-two punch, or "Adventure Mona", fearlessly leading the way to her next ship. Decals work for all laptop brands and come in small for 11"-13" laptops or large for 15"-17" laptops.

Learn more