Company Directory - GitHub, Inc.
Company Details - GitHub, Inc.
GitHub, Inc.
WebsiteSan Francisco, United States
GitHub is a web-based platform for version control and collaboration. It enables developers to store and manage their code, track changes, and work together on both private and open source projects.
CCI Score
CCI Score: GitHub, Inc.
22.84
-0.09%
Latest Event
Supply Chain Compromise of Third-Party GitHub Action (CVE-2025-30066)
A widely-used third-party GitHub Action, tj-actions/changed-files, was compromised, resulting in potential disclosure of access tokens, PATs, and other sensitive secrets. The incident, reported by CISA on March 19, 2025, raises concerns about the security oversight in GitHub's ecosystem of third-party integrations.
Take Action
So what can you do? Support GitHub by shopping, spreading the word, or offering your support.
- Shop Alternatives
SEE ALL - Use Your Voice
OTHER TOOLS - Investigate
- Share the Score
SUPPORT CCI
SABOTEUR
GitHub, Inc. is currently rated as a Saboteur.
Latest Events
- MAR192025
A widely-used third-party GitHub Action, tj-actions/changed-files, was compromised, resulting in potential disclosure of access tokens, PATs, and other sensitive secrets. The incident, reported by CISA on March 19, 2025, raises concerns about the security oversight in GitHub's ecosystem of third-party integrations.
-30
Supply Chain Ethics
March 27
The incident highlights a serious vulnerability within GitHub's third-party supply chain security. The compromise of a GitHub Action resulted in the potential exposure of critical secrets and access credentials. While there is no indication that GitHub intentionally enabled authoritarian practices, the oversight in managing and vetting third-party tools reflects a lapse in ethical responsibility, potentially undermining user trust and security. This failure could inadvertently facilitate exploitation by malicious actors, including those aligned with authoritarian agendas.
Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 - CISA
- FEB062025
OpenSecrets' profile of GitHub Inc. reveals that during the 2024 cycle, the company contributed $2,337,890 in political donations and reported no lobbying expenditures. The data reflects the company’s involvement in political finance without clear evidence of supporting authoritarian or anti‐fascist agendas.
+0
Political Contributions and Lobbying Efforts
March 27
The OpenSecrets profile indicates that GitHub Inc. made significant political contributions in the 2024 cycle, yet did not engage in lobbying activities. Without additional context on the partisan use of these funds, the action is evaluated as politically neutral from an anti-fascist perspective.
- NOV012023
In 2023, GitHub doubled down on its Diversity, Inclusion, and Belonging strategy through initiatives including increased minority hiring, accessibility improvements, policy advocacy like joining the Copenhagen Pledge, and expanded programs for underrepresented groups in tech.
+70
Public and Political Behavior
March 27
GitHub’s public commitment to policy advocacy, evidenced by joining the Copenhagen Pledge to support digital technologies that foster democracy and human rights, demonstrates a strong stance favoring progressive, anti-authoritarian values.
+80
Business Practices and Ethical Responsibility
March 27
GitHub’s multifaceted DEI strategy—evidenced by measurable increases in underrepresented hiring, employee engagement programs, and community support initiatives—reflects a robust commitment to ethical business practices and worker empowerment.
+60
Technology and Services Impact
March 27
Investments in accessibility—such as appointing a head of accessibility and hiring a developer with disabilities—demonstrate GitHub’s commitment to inclusive technological improvements and service accessibility, fostering equal participation in tech.
- JAN172021
GitHub reversed its decision to fire a Jewish employee who mentioned 'Nazis' in a Slack message during a charged period following the Capitol attack. The reversal, which came after strong internal employee mobilization and an open letter, was accompanied by a public statement from CEO Nat Friedman condemning white supremacist violence and the insurrection, and resulted in the resignation of the head of human resources.
+50
Public and Political Behavior
March 27
GitHub's prompt reversal and public condemnation of extremist actions—highlighting the presence of Nazis and white supremacists during the Capitol attack—demonstrates a commitment to transparent and corrective public political behavior. This move supports democratic values and counters authoritarian narratives.
GitHub fired a Jewish employee who called out 'Nazis.' Now, it's reversing that decision.
+70
Labor Relations and Human Rights Practices
March 27
The reversal of the firing, prompted by a strong internal employee response and an open letter, underlines GitHub's eventual commitment to protecting workers' rights and rectifying potentially discriminatory practices. This action aligns with anti-fascist values by ensuring that marginalized voices within the company are protected.
GitHub fired a Jewish employee who called out 'Nazis.' Now, it's reversing that decision.
Alternatives
Minneapolis, United States
64.71
Redmond, United States
55.15
Windsor, United States
53.49
Palo Alto, United States
43.55
Foster City, United States
37.61
Foster City, United States
35.07
Santa Clara, United States
34.35
Redmond, United States
27.42
New York, United States
23.26
San Jose, United States
14.66
Industries
- 541511
- Custom Computer Programming Services
- 541512
- Computer Systems Design Services
- 511210
- Software Publishers