**Getting started with project planning on GitHub** Stop context switching. Keep your team’s project planning next to your code. ⌘ Read more

**What’s new with Codespaces from GitHub Universe 2022** We’re giving GitHub users 60 free hours each month on Codespaces. Learn what else we shipped for Codespaces at Universe this year. ⌘ Read more

**Maintainer Month 2023: How the community gathered to spread some maintainer love** Maintainer Month is a time for open source maintainers to gather, share, and be celebrated. Over 31 days, 16 organizations came together to offer 42 activities convening and celebrating maintainers. ⌘ Read more

**GitHub Sponsors launches in Brazil** GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities. ⌘ Read more

**GitHub Advisory Database now powers npm audit** Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the \`npm audit\` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database. ⌘ Read more

**Three rules of bug fixing for better OSS security** When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants. ⌘ Read more

**GitHub Enterprise Server 3.5 is now generally available** GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security. ⌘ Read more

**Shaping the GitHub of the future as COO** GitHub is driving the future of software development and, after 10 years as a Hubber, I’m more energized than ever as I take on the role of COO to help bring our vision to life. ⌘ Read more

Seven years of the GitHub Security Bug Bounty program ⌘ Read more...

**Security alert: new phishing campaign targets GitHub users** On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations. ⌘ Read more