Get started with Hacktoberfest

Get started with Hacktoberfest

If you're an open source maintainer, it's time to get your repository ready for Hacktoberfest.


Communities grow during Hacktoberfest. Just ask Peter Tseng, now a core contributor of Exercism, which he found during Hacktoberfest. He said, "[it] was my first time being an open source maintainer (not counting projects in which I'm the only contributor)... I've learned a lot about working with others from that."

Home Assistant also received almost 250 pull requests last year. That's significant impact for one repository—not to mention the 92,259 other PRs that were opened across 29,287 other repositories.

How to get started

Below are a few highlights from our Open Source Guides to help get you set up.

1. Run some maintenance on your documentation

Remove barriers from anyone who wants to get started quickly and add some clarity so that their contributions meet expectations.

  • Add a README that helps people understand why your project matters and what your users can do with it. See an example template.
  • Encourage contributions by including a file that explains your expectations for a submission and how to best participate in your project. Try this template, for example.
  • Identify the ground rules for contributor behavior, and facilitate a healthy and constructive community by adding a Code of Conduct, for example the Contributor Covenant.
  • Add a license to tell others what they can and can't do with your source code. A lot of open source projects use to confirm the best one for their project.
  • Provide an issue template that supports new contributions by outlining your expectations. Start with this example Template from Hoodie.

2. Increase your searchability

You want to make it easy for the right people with the right skills to find you, right?

  • If any and all community contributions are welcome, add #Hacktoberfest to your repository's topics, located directly under your repository description.
    • Add more topics to the repository. You can do this for languages, project types (games, web design, app, etc), and other skills that appeal to broad ability sets.
  • To accomplish specific goals on open tasks, create a Hacktoberfest label for your Issues and Pull Requests.
    • Don't forget to assign the Hacktoberfest label to any open Issues and PR's that welcome community contributions after creation.

If you receive “spammy” pull requests, please let us know by applying the “invalid” label.

And that's it! Happy Hacking. 🎃

Webcast recap: Driving secure, collaborative development

webcast blog image

Security is an essential part of any engineering organization—especially in regulated industries, like automotive.

In our recent webcast, "Driving secure, collaborative development", GitHub Solutions Engineer Phil Holleran walked through GitHub features that can make your security and compliance workflows less painful. Here are some key takeaways and a link to watch the recording.

Watch the webcast

Secure accounts and organization

Simple as it may sound, enforcing multi-factor authentication (MFA) across your organization is an easy way to avoid security vulnerabilities and outsider access. It’s also important to periodically audit the other ways people in your organization can authenticate and deploy. Occasional reviews help you check if the applications and keys are still in use, and if your users have successfully authorized them to act on their behalf.

Secure applications and integrations

Personal access tokens and OAuth applications can present security challenges with complex permissioning. Use GitHub Apps to eliminate the need for machine users, and only grant access to the people who need it.

Secure code

With GitHub branch protection, protect your code from unwanted modifications by preventing force pushes (and deletion) and requiring code reviews. With the new code owners feature in GitHub, you can easily automate the assignment of reviewers.

To learn more, watch the recording.

Check out other webcasts

Release Radar · November 2017

GitHub Release Radar October 2017 Edition

We’re kicking off Cyber Security month with a few projects to help up your security game with the tools and know-how to protect yourself from common vulnerabilities.

These are the new projects and releases on our radar built to keep your code safe from across the GitHub community, help you work more efficiently, and have some fun with quadrotors.

Brakeman 4.0.0: Guard your Rails apps from threats

Brakeman is an open source static analysis tool that checks for security vulnerabilities in Ruby on Rails applications. It can guard against common web vulnerabilities like SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, and more.

Installation is simple. Run brakeman against your Rails app, and guard against Little Bobby Tables and friends:

Possible SQL injection near line 1337:
User.first.where((((("username = '" + params[:user][:name].downcase) + "' AND password = '") + params[:user][:password]) + "'"))

OWASP Juice Shop 5.0.0: Discover new vulnerabilities

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript covering the OWASP Top Ten and other severe security flows. The release notes introduce some of the new features and challenges like the NoSQL Injection challenge.

OWASP Juice Shop 5.0.0

Why not level up your web security skills or host a Capture the Flag (CTF) event? OWASP Juice Shop is easy to install on Windows/MacOS/Linux. Choose from Node.js, Docker, or Vagrant to deploy.

Speaking of Vagrant...

Vagrant 2.0: Create and configure lightweight development environments

Vagrant is a tool for building, maintaining, and distributing development environments running on local virtualized platforms like VirtualBox or VMware. Use Vagrant in the cloud via AWS or OpenStack—or in containers like Docker or raw LXC.

Find out more about in the Vagrant 2.0 annoucement.

Vagrant 2.0

Did you know: Since the project began more than seven years ago, 750 contributors have helped move it forward.

Stories Untold Update #3: An experimental text adventure

In Stories Untold, viruses and cybersecurity are the least of your worries. This award-winning game from No Code Studio is a compilation of experimental text adventure games that'll have you on the edge of your seat.

The latest release fixes a number of bugs and introduces support for macOS.

Did you know: Stories Untold started out as game jam entry for the Ludum Dare competition. The first episiode, originally called House Abandon, was built in a single weekend by just two people.

Voyager 1.0: Get help with administrative tasks

Voyager is an Admin Package for Laravel to enable CRUD tasks (creating, replacing, updating, or deleting) content. Well, they prefer BREAD (reading, editing, adding, and deleting content).

Read more in the 1.0 announcement blog post.

Voyager 1.0

AirSim 1.0: Experiment with AI

AirSim is an open source simulator for drones, cars, and more available as a plugin for Unreal Engine. Developed by Microsoft Research AI, AirSim is a platform to experiment with deep learning, computer vision, and reinforcement learning algorithms for autonomous vehicles. Find out more or read the recently-published paper from the Field and Service Robotics conference on their website.

AirSim 1.0

Did you know: Quadrotors were the first vehicles to be implemented in the platform, but there’s also support for self-driving cars—and you can take over the controls manually.

React v16.0: A JavaScript library for building user interfaces

React, a declarative JavaScript library for building component-based user interfaces for web and mobile recently released v16.0. This is the first version of React built on top of a new core architecture, codenamed “Fiber”. The v16.0 announcement post has all the details.

Installing or upgrading with Yarn is as easy as:

yarn add react@^16.0.0 react-dom@^16.0.0

Speaking of Yarn...

Yarn 1.0.0: Fast, reliable dependency management

Almost a year after it was initially released, the Yarn JavaScript dependency manager just hit 1.0.

At Facebook, Yarn has been adopted across many codebases including the main Facebook app and website, Instagram, Oculus, and WhatsApp. Yarn supports hundreds of thousands of package installs on our systems every day. It was designed to scale even when a project has hundreds or thousands of direct or transitive dependencies.

The 1.0 release introduces a number of new features like Workspaces, auto-merging of lockfiles, and a whole bunch of performance improvements and bug fixes to help developers move fast and ship software. Find out more in their blog post.

JGProgressHUD 2.0: Simple progress HUDs for iOS and tvOS apps

pProgressHUD  2.0

Build simple progress HUDs for iOS and tvOS apps with JGProgressHUD. It's simple to use, has customizable styles, and there are plenty of examples to play with. A little Swift can go a long way:

let hud = JGProgressHUD(style: .dark)
hud.textLabel.text = "Loading" self.view)
hud.dismiss(afterDelay: 3.0)

JGProgressHUD example

Speaking of Swift...

Swift 4.0

Congratulations to the Swift team and to all the contributors working on Swift 4.0! Find out more about the release in announcement blog post, or check it out for yourself in this Xcode playground showcasing the new features in Swift 4.0.

Thanks to everyone building projects that make our community great. Are you releasing something exciting soon? We'd love to help you celebrate! Send a note to

Celebrate open source this October with Hacktoberfest

Hacktoberfest returns this October

Celebrate open source this October by participating in the fourth annual Hacktoberfest, a month-long celebration of open source software in partnership with DigitalOcean.

Last year, contributors from 114 countries submitted over 90,000 pull requests to all kinds of projects—everything from documentation tweaks and bug fixes to new features and performance improvements.

Some incredibly welcoming communities and projects like Home Assistant, the open source home automation platform, saw over five hundred contributions throughout the month. Some first time-contributors continued on projects and have gone on to become regular contributors and maintainers.

Home Assistant Hacktoberfest Tweet

Whether it's your first or four-hundredth contribution, we think everyone can get something out of Hacktoberfest—the thrill of committing to open source or the rush that comes with your first merged pull request, for example.

@AlexandraABowen Hacktoberfest Tweet

If that's not enough, consider the free limited-edition t-shirt you'll receive when you make four valid pull requests! Please visit the Hacktoberfest website for full details.

Free Hacktoberfest 2017 T-shirt for completing four pull requests

Connect with other participants, show the world your contributions, or just show off your new shirt with the #hacktoberfest hashtag on Twitter, Facebook, or Instagram. We love hearing about your first open source contributions 🎉

Don't know where to start? If you've got the skills and a little free time this October, there's an open source project that could use your help.

To participate, simply open a pull request and contribute to any open source project during the month of October. Fix a bug, add a feature, or even improve some documentation. You can find projects that need your help by searching the hacktoberfest label and filtering for your programming language of choice.

Learn more from the Hacktoberfest website

New in the GitHub Shop: Octocat laptop decals


Looking for a new way to protect your laptop and stand out from the crowd? We've got two new game-inspired decals that are ready to shield your laptop against unforeseen scratches. No need to thank Mona—she's just doing what she can to help you keep your laptop looking its best.

Shop the decals


Through thick and thin, you can count on this Vinyl Disorder decal to have your back—or at least the back of your laptop.

Choose from "Boxing Mona", ready to knock out tasks with a one-two punch, or "Adventure Mona", fearlessly leading the way to her next ship. Decals work for all laptop brands and come in small for 11"-13" laptops or large for 15"-17" laptops.

Learn more

Webcast recap: Organizing work with GitHub

webcast banner card

Organizing your projects and teams efficiently on GitHub can provide clear direction for your teammates—and transparent documentation for everyone else following along.

In our latest webcast, GitHub Solutions Engineer Phil Holleran shares a few strategies to help you stay organized. If you weren’t able to join us live, you can find the full recording, along with a few highlights, below.

Watch the recording

Organizing people

There are plenty of ways to organize teams within your company and on GitHub. Choosing the right organizational structure is key to communicating across teams and keeping projects on track. When you're structure isn't working, developers might find it difficult to access the people and information they need to be successful. Our advice? Start with just one organization on GitHub populated with a hierarchy of teams, them grow from there if necessary.

Organizing repositories

When organizing repositories, there are three main elements you'll have to manage consistently: documentation, contributions, and releases. By maintaining control of these communication outlets—and discouraging sprawl—you’ll be able to keep all team members updated on your projects' progress. Greater visibility also helps new developers get up to speed and start contributing faster.

Organizing tasks

Task lists, labels, milestones, and project boards can help you organize any GitHub project. Each of these represent different strategies you can use to start new tasks, assign work, or gently remind teams about outstanding issues. For example, task lists are easy to add to comments within issues, and your team can sort issues by project keywords and status with labels. Project boards act as high-level guides to an entire project, linking people to various tasks and issues from one central location.

Register for upcoming webcasts or watch previous ones

Learn how to use GitHub with your favorite IDE

Join the GitHub Training Team for a week dedicated to IDEs. We'll feature a different IDE every day and show you how to make the most of your GitHub workflow alongside the tools you already use.

IDE Week

Monday September 11: GitHub and GitHub Desktop

GitHub Desktop isn't an IDE, but if you don't use an IDE with a Git or GitHub integration, it's the next best thing. Learn how to create branches, commit changes, and sync your local repository with—all from our new, Electron-based Desktop App.

Register now

Tuesday September 12: GitHub and Eclipse

Learn to use the eGit plugin with Eclipse to create branches, view diffs, commit changes, and push and pull from

Register now

Wednesday September 13: GitHub and Visual Studio

Work with GitHub no matter what Microsoft IDE you choose. Join Microsoft Senior Software Engineer Jeremy Foster and GitHub Trainer Matt Desmond as they clone repositories, commit changes, create pull requests, and more using different features and extensions of Visual Studio.

Register now

Thursday September 14: GitHub and Xcode

Whether you're a seasoned macOS developer or building your first iOS app, you'll learn how to connect two of the most powerful development tools around with Xcode's robust GitHub integration. We'll also show you how to clone repositories, create branches, commit changes, and sync your changes with without leaving Xcode.

Register now

Friday September 15: GitHub and

Our hackable text editor now has a Git and GitHub Integration. Learn how to create branches, commit changes, stage, and push—all from the comfort of your Atom Editor.

Register now

Get ready for fall with the new GitHub Bundle

Whether you need some back to school gear or a new note-taking sidekick, we've got you covered with the GitHub Bundle—available now in the GitHub Shop. This collection has everything you need to stay organized and look good doing it. The best part: It's super discounted.

Buy the Bundle

One bundle. All this gear.

Every bundle comes with these six items for $55 ($20 off the regular price):

  • A 100% cotton shirt featuring your friendly robot sidekick, Hubot
  • A 10" x 8.5" lined notebook with Hubot on the cover
  • A GitHub ballpoint pen
  • A 100% cotton "Pull Requests Welcome" tote bag
  • A 532 ml/18 oz Octocat water bottle with space for your GitHub username
  • A 10 pack of assorted Octocat stickers

GitHub Bundle


Get a bundle while supplies last!

Learn more

Learn GraphQL with GitHub

Make the switch from REST to GraphQL with our webcast and online training course.

Learn how to migrate to GraphQL with GitHub

Webcast: Migrating from REST to GraphQL

Join GitHub Platform Engineer Mark Tareshawty and Trainer Matt Desmond on August 8th at 10am PST. They'll discuss how GraphQL represents a giant leap forward in the world of APIs. As a significant departure from the REST API, GraphQL requires some not-so-subtle shifts in the way we think about consuming and altering data.

In this webcast, we'll help you transform your REST calls into precise GraphQL queries. You'll also learn how to think about data in GraphQL and how to combine multiple REST calls into a single GraphQL query.

Sign up for the webcast

On Demand Training: Introduction to GraphQL

Before the webcast, you can also explore Introduction to GraphQL—a new, on-demand course from our Training Team. The course walks you through building a GraphQL query and doing a simple mutation with the GraphQL explorer.

Take the course

Build a game in 13kB or less with js13kGames

Js13kGames - JavaScript Coding Challenge

If you’ve got time August 13th - September 13th, challenge your game development skills in js13kGames—a game jam for HTML5 game developers.

Like most game jams, participants make games based on a secret theme announced at the start of the competition. Unlike most game jams , submissions are limited to just 13 kilobytes after minification and compression. That doesn’t sound too challenging until you realize that a JavaScript game engine like Phaser is 815kB minified, and the image below is 13kB.

13kB image of Hubot

If you’re thinking this constraint would stifle creativity and limit playability, you’re mistaken. Check out some examples below as js13kGames organizer Andrzej Mazur (@end3r) looks back over some attention-grabbing entries from previous years.


The premier event kicked off and challenged participants to create a game based on the theme Number 13. The winning entry was a mouse accuracy and agility game called SpacePi by @jackrugile that revolves around the defense of 13 bases.

SpacePi by @jackrugile

It was the first js13k entry I started playing and couldn't stop. I spent half of the day sucked to the monitor by the awesome gameplay, beautiful visuals, and overall feel. I sent the link to my friends, and a few hours later they were still complaining they couldn't stop playing!


This year’s theme was Bad Luck, and @jackrugile won for the second year in a row with Radius Raid—a space themed shoot 'em up where you blast away unrelenting enemies before they destroy you.

Radius Raid by @jackrugile

The amount of polish and attention to detail is still impressive, even after so many years have passed.


2014’s theme was The Elements: Earth, Water, Air, and Fire.

Competition was tough. Ultimately, @Siorki took first place with Pest Control : Weasels—an arcade puzzle game similar to Lemmings (but with a twist).

Pest Control : Weasels by @Siorki

The overall quality of the entries in 2014 went through the roof. I really enjoyed the mayhem and visual effects of Extreme Mini Massacre, and was impressed by AP11, which looked like a proper GTA1 inspired game one could made in 13 kilobytes.


The theme for 2015 was Reversed.

In Behind Asteroids — The Dark Side by @gre, you play a classic game of Asteroids, but don’t control the ship! @remvst placed twice in 2015—in fifth with Taxi Drift and fourth with It's Raining... Boxes?!

Two games in the top 5 out of 160 entries is really impressive,” according to Andrzej.

Behind Asteroids - The Dark Side by @greweb

I was in love with the style of the main character of Captain Reverso, played RoboFlip, deeply enjoyed Road Blocks, and the winning entry Behind Asteroids showed other devs that you can actually use shaders within the limit and end up with incredible effects like a shadow of the player approaching the machine.


As the name of the top two entries from 2016 (Evil Glitch and Glitch Buster) might suggest, last year’s theme was Glitch. Even after the competition the developers (@agar3s and @remvst respectively) continued work on their entries and published the games on Steam.

Evil Glitch by @agar3s

Glitch Buster by @remvst

It's great to see the ideas that were born during the compo end up as full-blown games widely available to the public. They’re both available as prizes this year, so they can serve as an example of what can be achieved if you really believe in what you're doing.


The theme for this year will be announced on August 13th. Be sure to check out the js13kGames website for more information and resources to help get started. You'll find micro game engines and boilerplates, the latest minification tools, audio and video, tutorials, and more!

Commit to adventure with the Questocat tee

Inspire your inner adventurer with our fearless Questocat by your side. From merging old pull requests to exploring new lands, you'll always be ready to commit to adventure—just look at the back of your shirt if you need a reminder. This vintage game-inspired design is available now in the GitHub Shop.

Get your Questocat tee


Adventure over to the GitHub Shop to get one before they're gone. And pick up a Piratocat or Social Coding shirt for just $17.50 as part of our Closeout Sale while you're there!

We shot all Questocat photos at Brewcade SF. Check out upcoming Brewcade events.

Webcast recap: What data science can learn from open source development

Last week, Solutions Engineering Manager Aziz Shamim sat down with Datascope Analytics’ Jess Freaner to talk about how data scientists are uniquely positioned to adopt best practices from both science and software—and how her team is using open source practices to enhance collaboration and results. In case you missed it, here's a recording of the webcast, along with a few of our takeaways.


Transparency and openness are essential to Datascope’s success.

Feedback and collaborative knowledge-sharing are hallmarks of successful open source projects. Similarly, transparency and constant communication with clients is key to the success in data science according to Jess. Other practices that cross over from open source include frequent check-ins and reviews, shared documentation, and “reference code” that keeps the Datascope Team and clients on the same page.

Data scientists can benefit directly from open source.

At Datascope, teams contribute regularly to open source projects. They also maintain and develop projects of the own, including Textract, a library that extracts text from difficult documents to work with, such as PDFs, and traces, “a library for dealing with unevenly spaced time series that’s quite handy when efficiently working with sensor data.” Building on the knowledge shared by industry peers, Datascope can move their open projects beyond what could they could have accomplished in a vacuum.

Data scientists can start using open source practices today.

Jess and Aziz also shared four key areas of focus for teams wanting to get started with open source. In short, open source can help teams be more iterative, modular, hypothesis-driven, and human-centered. Integrating these concepts into your data science practice can help your team solve problems in a more holistic, collaborative, and agile way.

Hear more from Jess and Aziz in the recording or browse other GitHub resources.

Helping secure FOSS and the internet: our $100,000 donation to the Internet Bug Bounty


A little over three years ago, we launched our Security Bug Bounty Program, a way to reward security researchers who help make GitHub more secure by reporting vulnerabilities in our platform. Today, we're taking another step to support this type of effort on a much bigger scale. Along with Facebook and the Ford Foundation, we've donated $100,000 to the Internet Bug Bounty (IBB) to make the internet safer by catching more vulnerabilities in internet infrastructure and open source software.

How many vulnerabilities has the IBB found?

The IBB is responsible for awarding over $616,350 for more than 625 valid vulnerabilities in some of the most important software the internet community uses including RubyGems, Ruby, Phabricator, PHP, Python, and OpenSSL—$150,000 was awarded for over 250 vulnerabilities in last year alone. So far, $45,000 of hackers' bounties have been donated to organizations like the Electronic Frontier Foundation, Hackers for Charity, and Freedom of the Press Foundation.

How will the IBB use the donations?

Guidelines, bounties, and policies are decided by a volunteer panel selected from the security community. The panel will use the $300,000 to expand the scope of the IBB in two ways: a new Data Processing Program to "encompass numerous widespread data parsing libraries as these have been an increasing avenue for exploitation" and an expansion of "coverage of technologies that serve as the technical foundation of a free and open Internet, such as OpenSSL."

We're excited to support the IBB's vision and can't wait to see this initiative grow.

Learn more about the Internet Bug Bounty

Sign up for our webcast series: How GitHub uses GitHub

From product design mocks to user help content, GitHub teams use GitHub to build just about everything—and they're often collaborating across different timezones. As we continue to build products that fit all of your team's use cases, we're sharing insights into what's worked (and what hasn't worked) for our team's unique challenges in a new webcast series.

Each webcast will include approximately 40 minutes of tips from our team and 10 minutes of Q&A. Sign up for the ones you'd like to attend below.

Series schedule

July 25: Communicating with issues

In this session, you'll get the training we give new team members when they join GitHub. We'll cover strategies for clear communication, visual structure in issue comments, and how to facilitate discussion. These strategies are integral to how our team uses InnerSource and may help your team's InnerSource approach.

Watch the recording

August 22: Communicating with remote teams

Hear from two of our seasoned managers as they share how we pattern our work to build tools with 60% of our team members being remote. We'll cover communication patterns, the tools we use, and the cultural elements that contribute to more successful collaboration across timezones.

Sign up

September 26: Managing your teams

Sign up for this webcast to receive pratical tips from GitHub managers on how they create workflows that help employees do their best work. You'll learn how to use more GitHub features for managing your team and how to increase productivity with integrations. Finally, you'll learn how to measure your team's success on GitHub, and maybe get introduced to some new ways to celebrate your success.

Sign up

October 24: Managing your projects

In this session, you'll learn how to manage projects using GitHub features like projects, milestones, labels, and assignees. While these are tools we rely on at GitHub, we realize that some project managers need tools with a few more features, so you'll also get an overview of project management solutions in GitHub Marketplace. You'll leave this webcast ready to take your Github projects to the next level.

Sign up

November 28: Writing documentation for your projects

GitHub isn't just for software. Documentation teams use GitHub to create and publish everything from books to user help content. We'll share how we've adapted the GitHub flow to effectively meet our content creation needs. Whether you're on a team of writers or a solo developer, this webcast will introduce you to creating better documentation with GitHub.

Sign up


The GitHub Diversity Report

Today I am pleased to share our second annual Diversity Report. While we are working every day internally to make GitHub the most inclusive company it can possibly be, this report represents our commitment to the community to be transparent and accountable for continued progress.

This year, we saw growth across key indices as we welcomed more employees from a wide range of backgrounds into the company. Most specifically, we experienced a 2% growth in each of our Black and Asian communities and doubled our percentage of transgender and genderqueer employees (from 1% to 2%). We are extremely proud of this growth, and it is a result of commitments we made last year—commitments to improving our hiring practices and to our community partners who help keep the pipeline robust. While we are cautiously optimistic about our progress year-over-year, there is still a long way to go toward better representation in our company and in the entire sector.

One interesting data point we examined this year is around retention. As we look at our overall attrition rates, there is no significant difference among gender, race, or ethnicity in terms of who is staying with or leaving the company. This is a metric we will continue to keep an eye on and one that we will use to hold ourselves accountable as we build a more inclusive culture. We encourage other companies to do the same.

There are still places where we have more concentrated work to do. Specifically, we lost a percentage point in women in leadership. In addition, we would have liked to have seen stronger growth of people of color in leadership roles beyond a 2% gain.

Something I am proud to announce as part of our overall efforts is the creation of an Office of Employee Experience and Engagement, which will be led by Merritt Anderson. This office will be responsible for employee advocacy, diversity and inclusion, learning and development, and overall workplace experience. In her leadership position as a VP, Merritt will sit on the executive team and we will work together to improve the full experience of GitHub employees from recruitment through the end of their tenure. We continue to commit ourselves to improving employee experience for all people from all backgrounds. This builds on the good work of the Social Impact Team, a team that has strengthened us as a company over the past two years.

You can toggle through the report below to compare our progress year-over-year. My statement from last year can be found here.


Chris Wanstrath