Hacker News with Generative AI: GitHub

GitHub found 39M secret leaks in 2024. Here's what we're doing to help (github.blog)
If you know where to look, exposed secrets are easy to find. Secrets are supposed to prevent unauthorized access, but in the wrong hands, they can be—and typically are—exploited in seconds.

Security, Data Breaches, Software Development, GitHub

6 points by gnabgib 6 hours ago | 1 comments

LightkeeperRM: Lightweight drop-in replacement for maintaining servers over SSH (github.com/kalaksi)
LightkeeperRM (Remote Management) is a lightweight and modular drop-in replacement for maintaining servers over SSH.

Server Management, SSH, Open Source, Tools, GitHub

7 points by thunderbong 1 day ago | 0 comments

Free, simple, fast interactive diagrams for any GitHub repository (github.com/ahmedkhaleel2004)
Turn any GitHub repository into an interactive diagram for visualization in seconds.

GitHub, Visualization, Tools, Software, Open Source

10 points by sharjeelsayed 1 day ago | 0 comments

Public secrets exposure leads to supply chain attack on GitHub CodeQL (praetorian.com)
A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time.

Security, GitHub

296 points by cyberbender 3 days ago | 61 comments

Organic Maps migrates to Forgejo due to GitHub account blocked by Microsoft (mastodon.social)

Open Source, Software, Microsoft, GitHub, Forgejo

137 points by mraniki 3 days ago | 46 comments

GitHub has gone – long live Forgejo (mastodon.social)

GitHub, Open Source, Software Development, Social Media

12 points by Helithumper 5 days ago | 2 comments

Show HN: I made a tool that builds your portfolio in seconds from GitHub. (devfol.io)
Connect your GitHub or Dribbble account, pick a theme, and instantly bring your portfolio to life. Import effortlessly or add manually—the choice is yours.

Software, Web Development, Portfolio, GitHub, Tools

14 points by lucasr1b 7 days ago | 3 comments

Show HN: I built a chatbot that lets you talk to any GitHub repository (sentientdocs.com)

Chatbots, GitHub, Software, Artificial Intelligence

23 points by simssousa15 8 days ago | 13 comments

Whose code am I running in GitHub Actions? (alexwlchan.net)
A week ago, somebody added malicious code to the tj-actions/changed-files GitHub Action. If you used the compromised action, it would leak secrets to your build log. Those build logs are public for public repositories, so anybody could see your secrets. Scary!

Security, GitHub, Open Source, Software

221 points by ingve 8 days ago | 87 comments

Osgint – OSINT tool to find information about GitHub user (github.com/hippiiee)
Retrieve informations about a github username/email

GitHub, OSINT, Tools, Security

116 points by CHEF-KOCH 10 days ago | 26 comments

Show HN: Formal Verification for Machine Learning Models Using Lean 4 (github.com/fraware)
Welcome to the Formal Verification of Machine Learning Models in Lean project. This repository provides a framework for specifying and proving properties—such as robustness, fairness, and interpretability—of machine learning models using Lean 4.

Machine Learning, Formal Verification, Lean 4, Software, GitHub

52 points by MADEinPARIS 10 days ago | 14 comments

Links copied from project READMEs now add "?tab=readme-ov-file" query parameter (github.com/orgs)
Anchor links copied from project READMEs now add a `?tab=readme-ov-file` query parameter, making them harder to read

GitHub, User Interface, Web Development, Features, Accessibility

4 points by susam 12 days ago | 2 comments

Building and deploying a custom site using GitHub Actions and GitHub Pages (simonwillison.net)
I figured out a minimal pattern for building a completely custom website using GitHub Actions and deploying the result to GitHub Pages.

Web Development, GitHub, Automation

54 points by linsomniac 14 days ago | 19 comments

Supply Chain Attack on Reviewdog GitHub Actions (github.com/reviewdog)
We have recently been informed by Wiz Research of a supply chain attack targeting the reviewdog/action-setup@v1 GitHub Action. This attack potentially led to the compromise of additional actions, notably the widely used tj-actions/changed-files action, causing repositories to leak secrets.

Security, GitHub, Open Source

5 points by akyuu 14 days ago | 0 comments

The Pain That Is GitHub Actions (feldera.com)
For the past two weeks, I’ve been spending most of my time rewriting our CI scripts in GitHub Actions.

Software, CI/CD, GitHub

704 points by qianli_cs 14 days ago | 562 comments

Solving GitHub Issues with Claude Code (coder.com)
As soon as Claude Code was released, we were chomping at the bit to see what it could actually do. Not on toy problems, but on our real development work. So we started feeding it real GitHub issues from our open-source and internal repositories — issues created by both community members and Coder engineers — to see how well it could tackle actual engineering problems.

Generative AI, Software Development, Open Source, GitHub

10 points by hugodutka 16 days ago | 0 comments

Pin Your GitHub Actions (michaelheap.com)
Way back in 2019, Julien Renaux published Use GitHub Actions at your own risk. While the title is a little sensational, it correctly pointed out that any maintainer can update a branch or tag to point at new code without you knowing. This means that if any action is compromised, you'll start leaking secrets without knowing it.

Security, GitHub, DevOps

3 points by mooreds 17 days ago | 0 comments

Zest: a programming language for malleable and legible systems (github.com/jamii)
Zest is a (very wip) programming language for building systems that are both malleable and legible.

Programming Languages, Software Development, Open Source, GitHub

56 points by one-more-minute 17 days ago | 14 comments

zlib-ng: zlib replacement with optimizations for "next generation" systems (github.com/zlib-ng)
zlib replacement with optimizations for "next generation" systems.

Software, Compression, Optimization, GitHub

55 points by tosh 18 days ago | 14 comments

Popular GitHub Action tj-actions/changed-files is compromised (semgrep.dev)
Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.

Security, GitHub, Open Source, CI/CD

282 points by moyer 19 days ago | 4 comments

Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos (stepsecurity.io)
We are investigating a critical security incident involving the popular tj-actions/changed-files GitHub Action. We want to alert users now so you can take immediate action. This post will be updated as new information becomes available.

Security, GitHub, Software, Actions

273 points by varunsharma07 19 days ago | 298 comments

Exo: Exocompilation for productive programming of hardware accelerators (github.com/exo-lang)
Exocompilation for productive programming of hardware accelerators

Hardware Acceleration, Programming Languages, Compiler Design, Open Source, GitHub

90 points by gnabgib 19 days ago | 33 comments

Is GitHub Lying Here? (win-vector.com)
My partners and I keep getting this spam-like email.

GitHub, Spam, Email

17 points by jmount 20 days ago | 10 comments

Show HN: Smart Pull Request Alerts → Faster Code Reviews (pullnotifier.com)

Software, Code Reviews, GitHub, Productivity

13 points by gabriel-manta 21 days ago | 4 comments

GitHub is currently merging PRs in the UI with the wrong merge method (github.com/orgs)
In a project that allows both the Merge method and the Squash & Merge method, if I try to use the Squash & Merge method, it uses the Merge method anyway.

GitHub, Bug Reports, Software Development, Version Control

34 points by darknavi 23 days ago | 10 comments

Long Read: Lessons from Building Semantic Search for GitHub and Why I Failed (notion.site)

Long Read, Search, Software Development, GitHub

146 points by zxt_tzx 26 days ago | 51 comments

Vtm: Text-Based Desktop Environment (github.com/directvt)
It is a text-based application where the entire user interface is represented by a mosaic of text cells forming a TUI matrix. The resulting TUI matrix is just rendered either into its own GUI window or into a compatible text console.

Desktop Environments, Programming, GitHub

311 points by klaussilveira 26 days ago | 91 comments

Four steps toward building an open source community – The GitHub Blog (github.blog)
Open source projects generally begin with a problem to be solved. If it’s a problem a lot of people have, it may gain traction. Eventually you might have many people contributing. Before you know it, your project might turn into more than just a project, but a community.

Open Source, Community, Software Development, GitHub

3 points by rbanffy 26 days ago | 0 comments

Copilot exposes private GitHub pages, some removed by Microsoft (arstechnica.com)
Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, Microsoft.

Privacy, AI, Software, Security, GitHub

10 points by Alupis 28 days ago | 2 comments

Show HN: Fork of Claude-code working with local and other LLM providers (github.com/dnakov)
Terminal-based AI coding tool that can use any model that supports the OpenAI-style API.

Code, AI Tools, OpenAI API, GitHub

177 points by npace12 29 days ago | 38 comments