Game Off—our fifth annual game jam returns in just two weeks!
A game jam is a hackathon for creating video games. Although most game jams run for 24-72 hours, the Game Off runs for the entire month of November. You'll have 30 days to create a game inspired by or loosely based on a theme that we'll announce Wednesday, November 1, at 13:37 pm PDT.
As always, you're encouraged to use open source game engines, libraries, and tools, but you're free to use any technology you want. It's a perfect excuse to experiment with something new, too.
This year, the Game Off will take place on itch.io–an open marketplace for indie game developers and platform for running game jams among other things. Best of all, this year, you'll be the judging the entries.
We're coming up on four years since the Bug Bounty program was first announced. A lot has changed in that time, and we constantly try to keep our reward structure inline with top security bug bounty programs. We're excited to announce that starting today we're doubling our payout amounts, bringing the minimum and maximum payouts to $555 and $20,000, respectively. This means that any report eligible for a bounty will be met with at least a $555 reward. This doesn't mean we're raising the bar for what is considered a valid report, we're simply raising the payouts.
This bump to our payouts aligns with Hack the World, an annual hacking competition by HackerOne, which kicked off this morning and runs until November 18th. During this time participants compete against each other to find the most security vulnerabilities across all sites on HackerOne's platform. We're one of the sponsors, which means hackers will be rewarded with twice the reputation points on HackerOne when finding bugs on GitHub over the next month! As an additional incentive, we will also be rewarding all valid submissions with free unlimited private repositories for life. The increased bounty payouts are here to stay, but unlimited private repositories will only rewarded on reports submitted on or before November 18th!
Communities grow during Hacktoberfest. Just ask Peter Tseng, now a core contributor of Exercism, which he found during Hacktoberfest. He said, "[it] was my first time being an open source maintainer (not counting projects in which I'm the only contributor)... I've learned a lot about working with others from that."
This week, more than 1,000 developers from around the world joined us at Pier 70 in San Francisco for our flagship conference. We learned new skills in workshops, heard from industry experts about the future of software development, and explored new GitHub products powered by the world’s largest collection of open source data.
Here’s a look back at who came, what they saw, and how they conquered this Universe.
What’s new in the GitHub universe
We kicked off the first day of the conference with an opening keynote and product updates from GitHub CEO Chris Wanstrath, Data Engineering Manager Miju Han, and Platform Engineering Manager Kyle Daigle.
They introduced new experiences that can help you protect your code and discover relevant projects:
Keep track of the projects your code depends on with the new dependency graph (and soon, you’ll get security alerts and suggested fixes from your dependency graph)
Find hand-picked resources and projects like yours with Explore
From Felipe Hoffa’s exploration of what we learn from 42 TB of Google code to Flora Dai’s search for efficient music discovery at Pandora, the 40 sessions that followed introduced new ideas from unexplored parts of the software universe.
Attendees who made it to the workshops got a full day of hands-on building with leading technologies and concepts, taught by the people who know them best. They built new Electron apps, learned new command line tricks, and discussed how to make their teams more inclusive in an inspiration-rich gallery space.
We wrapped up the first day of the conference with a benefit concert supporting Maven—our nonprofit partner that empowers LGBTQ youth to network, organize, and build tech solutions for social change—on National Coming Out Day. Our headliner, Neon Trees, played their hits as more of the community met each other over food truck bites and drinks at Mezzanine.
Our business and community sponsors kept the recharge power, waffle cones, cold brews, juice, and inspiration flowing throughout the event. Universe wouldn’t be possible without the imaginations and contributions from these organizations.
Thank you, GitHub community
Thanks for being part of 1.5 billion commits over the last decade together and for helping our third Universe take flight. If the last ten years are any indication, we’ve got a lot to look forward to. See you next year at Universe or at an event near you!
We're welcoming four new apps to GitHub Marketplace—built to help you review, secure, and monitor your code.
AccessLint brings automated web accessibility testing into your development workflow. When a pull request is opened, AccessLint reviews the changes and comments with any new accessibility issues, giving you quick, timely, and targeted feedback, before your code goes live.
Greenkeeper brings safety and consistency to npm with real-time monitoring and automatic update testing for your dependencies. It acts as a friendly bot that sends you informative, actionable pull requests and issues so you can easily keep your software up-to-date and in working condition.
LogRocket lets you replay problems as if they happened in your own browser. Instead of guessing why errors happen or asking users for screenshots and logs, LogRocket provides you with a video recording of exactly what the user saw, along with console logs, network requests, and application states so you can quickly pinpoint what went wrong.
We’re excited to keep giving developers the tools they need to build software and the flexibility to evolve their workflows as their needs change. Discover new tools on GitHub Marketplace and integrate them into your workflow in minutes.
From code review and project management to deployment and monitoring, you can choose the exact tools your workflow needs among hundreds of apps and services available on the GitHub platform.
Now it’s easier to connect GitHub to your deployment system of choice with AWS CodeStar's new integration. Use GitHub directly within AWS CodeStar’s continuous integration and continuous deployment (CI/CD) toolchains, and manage your software release workflow including code commits, builds, and deployments for AWS applications in one place.
Each AWS CodeStar project template provides you with the option to use GitHub as your version control system for the software projects you build with AWS.
When you create a new project with AWS CodeStar and GitHub, you’ll also be able to centrally track commits, issues, and pull requests from a single dashboard—making it easy to manage project activity across your CI/CD toolchain and simplify project management for your AWS applications.
Start building with GitHub and AWS CodeStar today. And stay tuned for more integrations that bring together your favorite software development tools.
Almost a decade ago, GitHub was created as a place for developers to work together on code. Now, millions of people around the world use our platform to build businesses, learn from each other, and create tools we’ll use for decades to come. Together, you’ve shown that some of the most inventive, impactful things happen when curious and creative people have a space to work together.
Today, at GitHub Universe, we shared plans to build on our ten years of experience and 1.5 billion commits. We've taken the first step toward using the world's largest collection of open source data to improve the way we collaborate with these new experiences.
Protect code with your dependency graph and security alerts
There are millions of open source projects on GitHub. If you build software, your code likely depends on at least one of those projects. Now, our data can help you manage increasingly complex dependencies and keep your code safer as you work on connected projects—even for private repositories.
Soon, your dependency graph will be able to track when dependencies are associated with public security vulnerabilities. We’ll notify people who have access when we detect a vulnerability, and in some cases, suggest a known security fix from the GitHub community.
Security alerts are the first in what we hope will be a robust collection of tools to keep your code safe, and we need people who build on our APIs to help us make them even better—and to keep security data current for the community. We can't wait to see what you can do!
Discover new projects with news feed and Explore
With more than 25 million active repositories on GitHub, there are new ways to get involved in projects and communities every day. We have two improved experiences that will help you find the ones you’re interested in.
Your updated news feed connects you with opportunities to explore and expand your corner of GitHub like never before.
Behind the new “Discover repositories” feed on your dashboard, you’ll see recommendations for open source projects to explore. These recommendations are tailored to you based on people you follow, repositories you star, and what’s popular on GitHub.
You're in control of the recommendations you see: Want to contribute to more Python projects? Star projects like Django or pandas, follow their maintainers, and you'll find similar projects in your feed. You can also dismiss any updates you're not interested in, and you'll see less like those in the future. The “Browse activity” feed in your dashboard will continue to bring you the latest updates directly from repositories you watch and people you follow.
We’ve completely redesigned the Explore experience to connect you with curated collections, topics, and resources from GitHub contributors around the world.
Collections are hand-picked resources from the GitHub universe and beyond. Browse collections to learn about ideas that interest you, like machine learning or game development, and find repositories and organizations that help you dig deeper.
Topic pages help you find projects related to technologies, languages, frameworks, or platforms—thanks to the GitHub community’s topic tags. Use topic pages to find all Android or CSS projects for example, and suggest edits to topic pages in our public repository.
These experiences are a first step in using insights to complement your workflow, but there’s so much more to come. With a little help from GitHub data, we hope to help you find work you're interested in, write better code, fix bugs faster, and make your GitHub experience totally unique to you.
We can’t wait to get building, and more importantly, see what you build when you have all of the right tools and people behind you.
Today’s launches wouldn’t be possible without all of your work on open source projects over the last decade. The future of GitHub is in the hundreds of millions of commits you’ve already made. Thanks for everything you've contributed so far.
Want to see all of the work you’ve been a part of? See our community’s year in data:
Security is an essential part of any engineering organization—especially in regulated industries, like automotive.
In our recent webcast, "Driving secure, collaborative development", GitHub Solutions Engineer Phil Holleran walked through GitHub features that can make your security and compliance workflows less painful. Here are some key takeaways and a link to watch the recording.
Simple as it may sound, enforcing multi-factor authentication (MFA) across your organization is an easy way to avoid security vulnerabilities and outsider access. It’s also important to periodically audit the other ways people in your organization can authenticate and deploy. Occasional reviews help you check if the applications and keys are still in use, and if your users have successfully authorized them to act on their behalf.
Secure applications and integrations
Personal access tokens and OAuth applications can present security challenges with complex permissioning. Use GitHub Apps to eliminate the need for machine users, and only grant access to the people who need it.
With GitHub branch protection, protect your code from unwanted modifications by preventing force pushes (and deletion) and requiring code reviews. With the new code owners feature in GitHub, you can easily automate the assignment of reviewers.
Universe is just around the corner and we wanted to take one more opportunity to acknowledge our 2017 Community Partners. The following incredible organizations were kind enough to assist with scholarship ticket distribution this year and we are looking forward to seeing them at the conference this week.
Last month, we reached out to our Community Partners and asked them to share why diversity and inclusion matters to them—here are some of their responses.
"If technology is going to be used to solve some of the problems facing society today, the people who have experienced these issues firsthand must be on the development teams. Diversity and inclusion must encompass all things—not just race, gender, sexual orientation, age, and educational background. It must include the various backgrounds and life experiences that make up our society."
Victoria Westbrook, Program Graduate and Director of Programs and Operations at Code Tenderloin
"We all benefit when we use everyone's talents to make the world a better place. The more awesome people we have working on the world's hardest problems, the better."
Makinde Adeagbo, Founder and CEO of /dev/color
"Older Women Coders recognizes the inherent value in older STEM workers. We know that older STEM workers are an underserved market because our own needs are not being met."
Julee Burdekin, Older Women Coders
“We believe that the difference that many refer to as a "technical mindset" versus a "non-technical" mindset is primarily cultural. Operation Code works to bridge that cultural gap with a welcoming environment and a friendly community.”
Conrad Hollomon, Operation Code
“It’s been proven that focusing on diversity and inclusion creates space for more voices to share knowledge, create ideas and thus solve problems better. That’s why we’re excited to attend the Github Universe conference, where there’s a focus on making sure those from diverse backgrounds have the opportunity to learn, have their opinions matter, and solve problems with the best engineers in the universe.”
Albrey Brown, Director of Diversity and Inclusion at Hack Reactor
We’re beyond excited to see these organizations represented at GitHub Universe. If you weren't able to buy your ticket, there are a few ways for you to join us remotely. Watch from a viewing party in Berlin, London, or Paris—or tune into the livestream at githubuniverse.com/watch.
Installation is simple. Run brakeman against your Rails app, and guard against Little Bobby Tables and friends:
Possible SQL injection near line 1337:
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))
OWASP Juice Shop 5.0.0: Discover new vulnerabilities
Why not level up your web security skills or host a Capture the Flag (CTF) event? OWASP Juice Shop is easy to install on Windows/MacOS/Linux. Choose from Node.js, Docker, or Vagrant to deploy.
Speaking of Vagrant...
Vagrant 2.0: Create and configure lightweight development environments
Vagrant is a tool for building, maintaining, and distributing development environments running on local virtualized platforms like VirtualBox or VMware. Use Vagrant in the cloud via AWS or OpenStack—or in containers like Docker or raw LXC.
AirSim is an open source simulator for drones, cars, and more available as a plugin for Unreal Engine. Developed by Microsoft Research AI, AirSim is a platform to experiment with deep learning, computer vision, and reinforcement learning algorithms for autonomous vehicles. Find out more or read the recently-published paper from the Field and Service Robotics conference on their website.
Did you know: Quadrotors were the first vehicles to be implemented in the platform, but there’s also support for self-driving cars—and you can take over the controls manually.
Installing or upgrading with Yarn is as easy as:
yarn add react@^16.0.0 react-dom@^16.0.0
Speaking of Yarn...
Yarn 1.0.0: Fast, reliable dependency management
At Facebook, Yarn has been adopted across many codebases including the main Facebook app and website, Instagram, Oculus, and WhatsApp. Yarn supports hundreds of thousands of package installs on our systems every day. It was designed to scale even when a project has hundreds or thousands of direct or transitive dependencies.
Now you can get a more complete overview of the work going into your project without leaving your project board. When you reference an issue or pull request in a note, you'll see a preview of the cross-referenced link in a summary card.
Projects are a great way to organize tasks, but often those tasks have external dependencies to keep track of. Notes provide a way to add links to those external dependencies. Now, those references will bring valuable context like assignee, state, and labels right into view on the board.
You can add any issue or pull request on GitHub to your project by entering its URL into the note field. If it can be a first class card in the project, we'll convert it for you. If it's outside the scope of your project, you'll see the new summary card instead. This behavior is automatically applied to all notes, so there's nothing you need to do to upgrade your existing boards.
Our flagship conference is just a week away, and tickets are almost sold out! Don’t miss your chance to hear about some of our biggest product ships, learn from industry experts in over 40 breakout sessions, and support a great cause at the Universe After Party featuring Neon Trees.
There’s something for everyone at our flagship community conference. If you can make it, here are a few events you might want to make part of your mission.
Executive keynotes at Pier 70
Get a closer look at new GitHub products and plans from Co-Founder and CEO, Chris Wanstrath, and SVP Technology, Jason Warner.
From using the command line to landing your dream job, experts from the GitHub Team are ready to help you do more. Just stop by the Ask GitHub area when you arrive!
The Universe After Party at Mezzanine
Support one of our closest nonprofit partners Maven—an organization that empowers LGBTQ youth to network, organize, and build tech solutions for social change—and celebrate with a set from our headliner, Neon Trees.
Celebrate open source this October by participating in the fourth annual Hacktoberfest, a month-long celebration of open source software in partnership with DigitalOcean.
Last year, contributors from 114 countries submitted over 90,000 pull requests to all kinds of projects—everything from documentation tweaks and bug fixes to new features and performance improvements.
Some incredibly welcoming communities and projects like Home Assistant, the open source home automation platform, saw over five hundred contributions throughout the month. Some first time-contributors continued on projects and have gone on to become regular contributors and maintainers.
Whether it's your first or four-hundredth contribution, we think everyone can get something out of Hacktoberfest—the thrill of committing to open source or the rush that comes with your first merged pull request, for example.
If that's not enough, consider the free limited-edition t-shirt you'll receive when you make four valid pull requests! Please visit the Hacktoberfest website for full details.
Don't know where to start? If you've got the skills and a little free time this October, there's an open source project that could use your help.
To participate, simply open a pull request and contribute to any open source project during the month of October. Fix a bug, add a feature, or even improve some documentation. You can find projects that need your help by searching the hacktoberfest label and filtering for your programming language of choice.
GitHub for Visual Studio 2.3 adds the ability to comment on pull requests directly from your IDE. Simply open a pull request in the GitHub pane in Visual Studio, and open a compare view, and you'll see existing comments right there in the editor. Click the icon in the margin to add new comments.
The functionality is limited right now to adding single comments, but we're hoping to bring the whole GitHub review experience right into Visual Studio soon!
On top of that, we've shipped a whole bunch of new features and bugfixes. To find out more check out the release notes.
Looking for a new way to protect your laptop and stand out from the crowd? We've got two new game-inspired decals that are ready to shield your laptop against unforeseen scratches. No need to thank Mona—she's just doing what she can to help you keep your laptop looking its best.
Through thick and thin, you can count on this Vinyl Disorder decal to have your back—or at least the back of your laptop.
Choose from "Boxing Mona", ready to knock out tasks with a one-two punch, or "Adventure Mona", fearlessly leading the way to her next ship. Decals work for all laptop brands and come in small for 11"-13" laptops or large for 15"-17" laptops.