Links
Learn how to secure your GitHub Actions with these best practices! From controlling credentials to using specific action version tags, this cheat sheet will help you protect against supply-chain attacks. Don't let a malicious actor inject code into your repository - read now!
Nobl9 has released an open specification for defining SLOs and, in addition, has defined a repeatable SLO methodology.
(WIP) Zed fork focused on privacy and being local-first - zedless-editor/zed
A new version of the GNU project's Bourne Again SHell (better known to most of us as Bash) has been released, nearly 3 years after the last. According the
Learn how you can structure your enterprise to get the most value out of GitHub and provide the best experience for your developers!
IEEE predicts a steady rise in HDD capacity in the next 13 years, and the number of drives sold is also set to increase.
The OSI, the self-appointed arbiter of all things open source, has released its first definition of 'open source' AI.
Generate high-quality images from text prompts using Flux Dev, a 12B parameter rectified flow transformer. Ideal for research, creative projects, and fine-tuning.
We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent. Artifact Attestations let you create provenance signatures, which provide an unforgeable…
An extortion group calling itself the Crimson Collective claims to have breached Red Hat's private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects.
The federally funded organization behind the Common Vulnerabilities and Exposures (CVE) program confirmed that its contract to support the system will expire on April 16th.
c/ua is the Docker Container for Computer-Use AI Agents. - trycua/cua
Compatibility:
Source: See Trivy website for details.
Trivy is an all-in-one open source security scanner that can help you identify vulnerabilities and IaC misconfigurations, discover SBOMs, perform cloud scanni…
An exposed GitHub token could have been used to launch a supply chain attack on GitHub CodeQL, resulting in source code exposure and repository tampering of CodeQL users.