The crates.io registry is now a GitHub secret scanning integrator
The crate.io registry is now a GitHub secret scanning integrator
GitHub Blog Search
The crate.io registry is now a GitHub secret scanning integrator
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Linear and Ionic are now GitHub secret scanning integrators
RubyGems, Adobe and OpenAI are now GitHub secret scanning integrators
The Python Package Index is now a GitHub secret scanning integrator
New rate limit for the audit log API endpoints is active
What’s the state of open source and how has it changed over the last decade? GitHub’s VP of Developer Relations, Martin Woodward, tackles that question and more in a 2022 keynote.
We’re introducing calendar-based versioning for our REST API, so we can keep evolving our API, whilst still giving integrators a smooth migration path and plenty of time to update their integrations.
npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client - GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.
The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.
A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.
This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web…
About a year ago, we migrated an old rate limiter in order to serve more traffic and accommodate a more resilient platform architecture. We adopted a replicated Redis backend with…
Authentication token format updates are generally available
In July 2020, we announced our intent to require the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations.…