SSH certificate authentication for GitHub Enterprise Cloud
Enterprise and organization admins can now register their SSH certificate authorities with GitHub, helping their team access repositories over Git using SSH certificates.
Introducing Soft U2F, a software U2F authenticator for macOS
In an effort to increase the adoption of FIDO U2F second factor authentication, we're releasing Soft U2F—a software-based U2F authenticator for macOS. Soft U2F currently works with Google Chrome and…
Soft U2F
In an effort to increase the adoption of FIDO U2F second factor authentication, we're releasing Soft U2F: a software-based U2F authenticator for macOS. We've long been interested in promoting better…
HTTPS for GitHub Pages
Millions of people rely on GitHub Pages to host their websites and millions more visit these websites every day. To better protect traffic to GitHub Pages sites, as well as…
Two years of bounties
Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users…
LIKE injection
Looking through our exception tracker the other day, I ran across a notice from our slow-query logger that caught my eye. I saw a SELECT … WHERE … LIKE query…
GitHub supports Universal 2nd Factor authentication
May 5, 2021 update: The limited edition U2F Security Keys described in this post are no longer available. To help users better secure their accounts, we are expanding GitHub's authentication…
Subresource Integrity
Like many sites, GitHub uses a content delivery network (CDN) to serve static assets such as JavaScript, CSS, and images to our users. The CDN makes web browsing faster by…
GitHub implements Subresource Integrity
With Subresource Integrity (SRI), using GitHub is safer than ever. SRI tells your browser to double check that our Content Delivery Network (CDN) is sending the right JavaScript and CSS…
Read-only deploy keys
You can now create deploy keys with read-only access. A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository.…
GitHub Security Bug Bounty program turns one
It's already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…
View Issue/Pull Request buttons for Gmail
If you're a Gmail user who gets GitHub notifications via email, you'll notice that we've added subject-line links to issues and pull requests on notification messages. You can use these…
Two-factor Authentication
Today we're adding two-factor authentication to GitHub. When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your…
Introducing GitHub Sudo Mode
In the ongoing effort to keep our users safe, we recently took inspiration from the Unix sudo command. We wanted to require password confirmation for dangerous actions on GitHub.com, but…
Heads up: nosniff header support coming to Chrome and Firefox
Both GitHub and Gist offer ways to view "raw" versions of user content. Instead of viewing files in the visual context of the website, the user can see the actual…