GitHub’s Post

View organization page for GitHub, graphic

4,382,375 followers

5d

Now is the time to stop oversized files, dangerous file types, and other threats to your repo. 🛑 Protect your repository against risky file changes with push rules, and delegate bypass capabilities to those you trust. ✅ https://gh.io/push-rules

22 Comments

Transcript

I'm sorry. I'm going to be up all night deleting license keys from the repo. Oh, there's got to be a better way... And there is, because at GitHub we believe in the power of collaboration. But we also believe in safety as a repository maintainer. I need to be able to prevent certain types of risky file changes. Push rules are a new type of ruleset which gives administrators like me fine-grained control over which files and paths can be modified or added to the repo. File path restrictions allow us to block changes to specific directories and file name patterns, for example. Maybe I don't want anyone messing with the automation in this repo, so I'll protect the whole workflows directory. Now, aside from being awkward, long file paths can cause problems on certain operating systems, so I might choose to limit them to a specific number of characters. There are also a bunch of file types I don't want in my repo. Lately I've had a problem with developers accidentally storing license keys in the repo instead of in a separate key store. So I'll add ��key�� as a disallowed extension. And if you've ever had someone push a huge dataset or binary image, you know how quickly that can blow up your repo. Those files belong elsewhere. So I'm going to set a maximum size for each file committed. Of course, there may be certain individuals or teams I regularly trust to bypass these rules. If so, I can simply add them to the bypass list for this repo. For those not on the bypass list, their pushes will be blocked if they don't meet the rules I've put in place, and they'll be able to see why their push was blocked. But they can also ask for a one-time exception to the rule, giving me the option to approve or deny the request. So now I can rest easy knowing my private and internal repositories and their forks are protected. Find out more at gh.io/push-rules

Technical Lead | Full Stack | Embedded | Bare metal | Linux | Rust Developer

4d

I would suggest to fire the developer, who is uploading dangerous file or viruses. but this may be helpful in restricting the node_modules or rust target dir.

Christian Mendoza

Christian Mendoza

Student at Collin College

4d

Very informative and good to know such measures exist to protect the integrity of organized, large, and often complex projects.

CS + Math @ CU Boulder | Undergraduate Researcher @ Correll Lab

3d

Push rules are cool, although I recommend adding CodeQL to supplement it for static analysis if possible.

Data Analyst | Freelancer | YouTube Content Strategy, Management, and SEO Specialist

4d

A much-needed update! well done. 👏🏼👏🏼👏🏼

indépendant

3d

Je pense avoir fait un très bon travail

indépendant

3d

Je garderai ceci à l’esprit

Founder @CTFramework

5d

Nice stuff right here

Head of Coding and Data Standards (and RAP guy) at NHS England

5d

Wow this looks great! Can't wait to give it a go!

Student at the University of Colorado Boulder - Former Computer Repair Technician | Aspiring Ethical Hacker | Seeking Summer Internship Positions in IT and/or Cybersecurity

3d

I definitely support this!

See more comments

To view or add a comment, sign in

More Relevant Posts

GitHub

4,382,375 followers
27m
Report this post
Open source software underpins all sectors of the economy, public services and even international organizations like the United Nations. 🌐 Learn how the public and private sectors can work together to make open source more sustainable. https://lnkd.in/g88hwMHP

Software as a public good

https://github.blog
Like Comment
To view or add a comment, sign in
GitHub

4,382,375 followers
3h
Report this post
Want to code and reduce your carbon footprint? 🌎 Check out the sustainable software tools we recommend in our new Green Software Directory.🔋⬇️ https://lnkd.in/gyFS8n8w
3 Comments
Like Comment
To view or add a comment, sign in
GitHub

4,382,375 followers
2d
Report this post
What do you have more time to do now because of AI coding tools? 🤔 Take a look at what respondents said to our survey on AI in software development. 👀 https://lnkd.in/gMj7_Ttj
7 Comments
Like Comment
To view or add a comment, sign in
GitHub

4,382,375 followers
4d
Report this post
🤔 Wondering what #GitHubUniverse actually is? We've got you covered ✅ 🎟️ Grab your ticket to join us this October https://lnkd.in/gMcjiTpS

9 Comments
Like Comment
To view or add a comment, sign in
GitHub

4,382,375 followers
5d
Report this post
Ready to optimize your MLOps? 💻 🔧 Learn how GitHub Actions + Arm64 runners can boost performance, cut costs, and simplify machine learning workflows. ✅ https://lnkd.in/gj3EPfKi

Streamlining your MLOps pipeline with GitHub Actions and Arm64 runners

https://github.blog

4 Comments
Like Comment
To view or add a comment, sign in
GitHub

4,382,375 followers
2w
Report this post
The GitHub CLI brings GitHub to your terminal. Free and open source! Join Andy, William and Kedasha as they talk about the GitHub CLI, CLI extensions, dig into some useful CLI commands and much more! Here are some resources to check out for this stream: - cli docs: https://cli.github.com/ - gh cli repo: https://github.com/cli/cli - gh dash extension: https://lnkd.in/e9S6kYGV - gh extensions on GitHub: https://lnkd.in/equsdSDC

Open Source Friday with GitHub CLI!

www.linkedin.com

112 Comments
Like Comment
To view or add a comment, sign in
GitHub

4,382,375 followers
6d
Report this post
👉 Want to learn how to use your repository for RAG? Lower entry barriers to the open source community? Or even craft a compliant and impactful AI strategy that unlocks the potential of AI at scale? Then GitHub Universe is where you need to be. Check out all the opportunities you’ll have to learn, network, and level up at Universe 2024 in October. 🌈

What to expect at GitHub Universe 2024

GitHub on LinkedIn

19 Comments
Like Comment
To view or add a comment, sign in

GitHub

4,382,375 followers

View Profile Follow

More from this author

Explore topics