티스토리 수익 글 보기

The latest on DevSecOps – The GitHub Blog

/ Blog

AI & ML
- AI & ML
  Learn about artificial intelligence and machine learning across the GitHub ecosystem and the wider industry.
  - Generative AI
    Learn how to build with generative AI.
  - GitHub Copilot
    Change how you work with GitHub Copilot.
  - LLMs
    Everything developers need to know about LLMs.
  - Machine learning
    Machine learning tips, tricks, and best practices.
- How AI code generation works
  Explore the capabilities and benefits of AI code generation and how it can improve your developer experience.
  Learn more
Developer skills
- Developer skills
  Resources for developers to grow in their skills and careers.
  - Application development
    Insights and best practices for building apps.
  - Career growth
    Tips & tricks to grow as a professional developer.
  - GitHub
    Improve how you use GitHub at work.
  - GitHub Education
    Learn how to move into your first professional role.
  - Programming languages & frameworks
    Stay current on what’s new (or new again).
- Get started with GitHub documentation
  Learn how to start building, shipping, and maintaining software with GitHub.
  Learn more
Engineering
- Engineering
  Get an inside look at how we’re building the home for all developers.
  - Architecture & optimization
    Discover how we deliver a performant and highly available experience across the GitHub platform.
  - Engineering principles
    Explore best practices for building software at scale with a majority remote team.
  - Infrastructure
    Get a glimpse at the technology underlying the world’s leading AI-powered developer platform.
  - Platform security
    Learn how we build security into everything we do across the developer lifecycle.
  - User experience
    Find out what goes into making GitHub the home for all developers.
- How we use GitHub to be more productive, collaborative, and secure
  Our engineering and security teams do some incredible work. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
  Learn more
Enterprise software
- Enterprise software
  Explore how to write, build, and deploy enterprise software at scale.
  - Automation
    Automating your way to faster and more secure ships.
  - CI/CD
    Guides on continuous integration and delivery.
  - Collaboration
    Tips, tools, and tricks to improve developer collaboration.
  - DevOps
    DevOps resources for enterprise engineering teams.
  - DevSecOps
    How to integrate security into the SDLC.
  - Governance & compliance
    Ensuring your builds stay clean.
- GitHub recognized as a Leader in the Gartner® Magic Quadrant™ for AI Code Assistants
  Learn why Gartner positioned GitHub as a Leader for the second year in a row.
  Learn more
News & insights
- News & insights
  Keep up with what’s new and notable from inside GitHub.
  - Company news
    An inside look at news and product updates from GitHub.
  - Product
    The latest on GitHub’s platform, products, and tools.
  - Octoverse
    Insights into the state of open source on GitHub.
  - Policy
    The latest policy and regulatory changes in software.
  - Research
    Data-driven insights around the developer ecosystem.
  - The library
    Older news and updates from GitHub.
- Unlocking the power of unstructured data with RAG
  Learn how to use retrieval-augmented generation (RAG) to capture more insights.
  Learn more
Open Source
- Open Source
  Everything open source on GitHub.
  - Git
    The latest Git updates.
  - Maintainers
    Spotlighting open source maintainers.
  - Social impact
    How open source is driving positive change.
  - Gaming
    Explore open source games on GitHub.
- An introduction to innersource
  Organizations worldwide are incorporating open source methodologies into the way they build and ship their own software.
  Learn more
Security
- Security
  Stay up to date on everything security.
  - Application security
    Application security, explained.
  - Supply chain security
    Demystifying supply chain security.
  - Vulnerability research
    Updates from the GitHub Security Lab.
  - Web application security
    Helpful tips on securing web applications.
- The enterprise guide to AI-powered DevSecOps
  Learn about core challenges in DevSecOps, and how you can start addressing them with AI and automation.
  Learn more

DevSecOps

DevSecOps guides about integrating security into every phase of enterprise software development. Learn how to implement security checks within your continuous integration and continuous deployment (CI/CD) pipelines, use automated tools to detect vulnerabilities early, and ensure compliance. Whether you’re new to DevSecOps or looking to deepen your expertise, we have you covered.

Featured

How to use the GitHub and JFrog integration for secure, traceable builds from commit to production

Connect commits to artifacts without switching tools.

Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations

Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.

Frenemies to friends: Developers and security tools

When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let’s explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.

5 ways to make your DevSecOps strategy developer-friendly

Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.

Latest

How GitHub accelerates development for embedded systems

In a world where software and hardware is ubiquitous, GitHub can help enable secure development for mission-critical embedded systems.

How to mitigate OWASP vulnerabilities while staying in the flow

Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities

Passwordless deployments to the cloud

Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).

Securing and delivering high-quality code with innersource metrics

With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.

GitHub Actions for security and compliance

GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.

Applying DevSecOps to your software supply chain

To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code; and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.

The world's largest developer platform

Docs

Everything you need to master GitHub, all in one place.

Go to Docs

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Start building

Customer stories

Meet the companies and engineering teams that build with GitHub.

Learn more

The GitHub Podcast

Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.

Listen now

티스토리 수익 글 보기

티스토리 수익 글 보기

DevSecOps

Featured

How to use the GitHub and JFrog integration for secure, traceable builds from commit to production

Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations

Frenemies to friends: Developers and security tools

5 ways to make your DevSecOps strategy developer-friendly

Latest

How GitHub accelerates development for embedded systems

How to mitigate OWASP vulnerabilities while staying in the flow

Passwordless deployments to the cloud

Securing and delivering high-quality code with innersource metrics

GitHub Actions for security and compliance

Applying DevSecOps to your software supply chain

Secure at every step: Putting DevSecOps into practice with code scanning

Secure at every step: A guide to DevSecOps, shifting left, and GitOps

Achieving DevSecOps maturity with a developer-first, community-driven approach

How to build an effective DevSecOps culture

Easier bug reporting using Marker.io for GitHub

The world's largest developer platform

Docs

GitHub

Customer stories

The GitHub Podcast

티스토리 수익 글 보기

Featured

We do newsletters, too

Latest

The world's largest developer platform

Docs

GitHub

Customer stories

The GitHub Podcast