Making frequent changes to cloud applications running in production is the de-facto standard. To minimize errors, engineers use CI/CD automation, techniques like code reviews, green-blue deployments and others. Git pull requests often serve as a foundational component for triggering code reviews, Slack notifications, and subsequent automation such as testing and deployments. This automated process enforces peer reviews and creates enough visibility to minimize human error.

We are happy to announce Snyk Open Source support for GitHub Security Code Scanning, enabling you to automatically scan your open source dependencies for security vulnerabilities and license issues, as well as view results directly from within GitHub’s Security tab! A key ingredient of Snyk’s developer-first approach is integrating Snyk’s security data into the exact same processes that developers are using, whether this is within a developer’s IDE or a Git-based workflow.

Let's face facts. Git is not fun. Git is not friendly. No. It's just infuriatingly useful, so we're stuck with it. But what if you could make git more friendly? More convenient? Would that make your day a little less stressful? In this article, Julie Kent shows us how we can do this with just a few simple tweaks.

In this tutorial, I will show you how to build and deploy a Jekyll static site to AWS S3 + Cloudfront using GitHub Actions. At PagerTree we use GitHub Actions to automate the building and deploying of our marketing site pagertree.com. These days, if you have to do anything manually more than a couple of times, you should probably be automating it. GitHub Actions make it easy to automate software workflows.

Continuous integration (CI) involves the test automation of feature branches before they are merged to the main Git branch in a project. This ensures that a codebase does not get updated with changes that could break something. Continuous Delivery (CD), on the other hand, builds upon CI by automating releases of these branches or the main branch. This allows small incremental updates that reach your users faster, in line with Agile software development philosophy.

We are excited to announce that Nightfall DLP for GitHub now has two plans available: Pro and Enterprise. Both plans allow you to discover, classify and protect sensitive information in any GitHub organization by actively scanning your codebase for secrets, credentials, PII, and other business-critical data to notify you of data policy violations. The Enterprise plan provides the additional ability to scan the commit history of any repo within your GitHub org.

In our latest tools guide, we wanted to gather insights from a number of real users of these two giants in the Git & version control space to help you decide between using Github or Gitlab for your latest software development project. “GitHub is a common and easy-to-use website to host code in a way that's shareable with a large number of people”, states Melanie, Content Director at KitelyTech.

Snyk provides a wide array of integrations and a pretty comprehensive API to enable you to deploy Snyk across the SDLC and monitor all the code your organization is developing. Of course – this is not always simple. At scale, ensuring Snyk is monitoring all your repositories becomes more challenging. As you grow, more code is added in the shape of new repositories. Not only that, existing repositories keep on changing.