Hot File Context in GitHub Pull Requests

Open-source maintenance is unpredictable. A crucial library your team relies on today might end up archived by tomorrow. For tech leads and developers managing complex systems, finding a maintained alternative to a dead dependency is a frustrating process. It usually means spending hours sifting through hundreds of stale GitHub forks, trying to figure out which one actually has recent commits and active maintainers before you can safely integrate it into your production codebase. I built Forkfinder to solve this specific headache. It automatically analyzes and ranks GitHub forks based on real activity, recent updates, and overall repository health. Instead of clicking through endless commit histories, it helps you immediately identify which fork of an abandoned or archived project is actively maintained. You can try the tool out at https://lnkd.in/dCZ74QfV. If you are currently auditing your project dependencies, dealing with an archived library, or trying to revive an older codebase, give it a look. I would love to hear if it saves you some valuable research time. #GitHub #OpenSource #DeveloperTools #SoftwareEngineering

Wiz uncovered a critical RCE that GitHub patched (CVE-2026-3854) Important takeaway from this issue as GitHub explain 👉 “This is a useful reminder that defense in depth matters. The input sanitization fix is the primary remediation, but we have also removed the unnecessary code path from environments where it should not exist” ‼️ Perform regular cleaning of repositories and don’t keep unnecessary images, binaries, code or legacy environmental variables. ⛔️limit the attack surface 🎯 #github #repositories #devsecops See blog links 🔗 in comments 👇

Most first-time open source contributors don’t quit because the code is hard. They quit because they can’t get the repo to build locally. A few weeks ago I shared 8 skills I built for first-time OSS contributors. Since then, I’ve added 7 more based on the problems people kept running into. The biggest improvements came from: - a setup skill that reads the repo’s CI config instead of the README (READMEs go stale, CI pipelines don’t) - a skill for writing tests as a first contribution (lower risk than bug fixes, faster way to learn the codebase) - a post-merge skill that helps contributors keep momentum after their first PR lands (this is where most people disappear) Everything now works with Cursor, GitHub Copilot, Windsurf, and Gemini CLI too. Not just Claude Code. The skills are plain markdown, so they’re portable across tools and easy to customize. If you’re starting with open source or running community programs, this might save some time. Link in the first comment! #OpenSource #GitHub #OSS #DeveloperTools #AIEngineering #ClaudeCode #CursorAI #GitHubCopilot #DevTools #SoftwareEngineering #BuildInPublic

I've dealt with legacy code before, and I've inherited code that nobody wanted to touch. How do you exactly clean that up? I was lucky that I managed to track down the author that created the little monster 1000 line script, but it was useless, they didn't think there was any problem. So how do you change it? Fix it? Improve it? The most important thing: keep it stable. I break it down into the strategies you can apply in this video. If you want full access to the repository with other examples, use this: https://lnkd.in/eFkHxVVE #copilot #github Practice matters, degrees are optional

Search is invisible right up until it is part of everything. THE SCENE -> GitHub search is not a side feature. It is how work is found, traced, and resumed. That means search outages are workflow outages. THE LESSON -> High availability work often looks boring on paper: rebuild paths, isolation, failover, recovery. But that boring work is what turns "search is down" from a company-wide stop into a degraded inconvenience. THE RULE -> Treat any system as critical if teams use it to navigate daily work. If it breaks discovery, it breaks delivery. YOUR TURN -> What internal system in your org still gets "nice to have" treatment even though everyone depends on it? 📲 Full discussion on Telegram: https://t.me/md_sdet 💬 Want to discuss? Connect with me: https://lnkd.in/eUypsdP5 #TechLessons #SoftwareFails #Engineering #PostMortem

I used to treat tools like GitHub and deployment infrastructure as if they belonged to “real developers.” Then I actually used them. This piece is about what happens when intimidating systems become ordinary enough to disappear into the work itself. From Distance to Surface: https://lnkd.in/gtjWMY5W

The future of #AgenticEngineering involves continuous evaluation, evolution and optimization of agents… by agents. We are building the observabilty and experimentation infrastructure into #GithubAgenticWorkflows to support it.

New blog post from Mara Kiefer, Jonathan "Peli" de Halleux, and me on how we spent the last month using GitHub Agentic Workflows to improve their token efficiency. The preliminary results are promising, showing a nearly 60% improvement on workflows that run dozens of times each day. There is a lot more we can and will be doing in the coming months, too. https://lnkd.in/gqf2Cu7q

One git push. Full server compromise. CVE-2026-3854 let any authenticated GitHub user inject fields into an internal header, bypass the sandbox, and execute code on GitHub's backend on both GitHub.com and GitHub Enterprise Server. Bonus: it was found using AI-assisted reverse engineering. AI isn't just writing code anymore. It's reading the code we couldn't. GHES users → patch to 3.19.3 now. 88% still haven't. #AppSec #AISecurity #GitHub

🚀 I just shipped my first open source CLI tool — and it solves a problem I hit every week. As a Site Reliability Engineer, I constantly deal with variables scattered across platforms: → GitLab CI has one set → Terraform Cloud has another → GitHub Actions has its own → And the .env files are always out of date They should be in sync. But no tool does this automatically. So I built envcmp. It's a lightweight CLI that lets you: ✅ diff variables between any two platforms ✅ push changes from source to target ✅ pull changes back ✅ --dry-run to preview before applying ✅ secret values are never exposed in output ```bash pip install envcmp envcmp diff --from gitlab:my-project --to terraform:my-workspace envcmp push --from .env --to gitlab:my-project --dry-run ``` Built with Python · 77 tests · 100% coverage · GitHub Actions CI · Published on PyPI With 20+ years in IT and 10 years in DevOps/SRE, I've learned that the best tools are the ones that do one thing well and stay out of your way. That's what I tried to build here. 🌐 envcmp.dev 📦 pip install envcmp 🔗 github.com/saeedya/envcmp If you're a DevOps or platform engineer, I'd love your feedback — what provider should I add next? HashiCorp Vault? AWS Secrets Manager? Kubernetes? #DevOps #SRE #OpenSource #Python #Kubernetes #Terraform #GitLab #InfrastructureAsCode #PlatformEngineering