SSH certificate authentication for GitHub Enterprise Cloud
Enterprise and organization admins can now register their SSH certificate authorities with GitHub, helping their team access repositories over Git using SSH certificates.
Introducing Soft U2F, a software U2F authenticator for macOS
In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F—a software-based U2F authenticator for macOS. Soft U2F currently works with Google Chrome and Opera’s built-in U2F implementations, as
Soft U2F
In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F: a software-based U2F authenticator for macOS. We’ve long been interested in promoting better user security through two-factor authentication
HTTPS for GitHub Pages
Millions of people rely on GitHub Pages to host their websites and millions more visit these websites every day. To better protect traffic to GitHub Pages sites, as well as to encourage the broader adoption
Two years of bounties
Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users and their data safe on
LIKE injection
Looking through our exception tracker the other day, I ran across a notice from our slow-query logger that caught my eye. I saw a SELECT … WHERE … LIKE query with lots of percent signs
GitHub supports Universal 2nd Factor authentication
To help users better secure their accounts, we are expanding GitHub’s authentication system to support FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard. GitHub encourages developers to build U2F support into their own
Subresource Integrity
Like many sites, GitHub uses a content delivery network (CDN) to serve static assets such as JavaScript, CSS, and images to our users. The CDN makes web browsing faster by delivering assets from data centers
GitHub implements Subresource Integrity
With Subresource Integrity (SRI), using GitHub is safer than ever. SRI tells your browser to double check that our Content Delivery Network (CDN) is sending the right JavaScript and CSS to your browser. Without SRI,
Read-only deploy keys
You can now create deploy keys with read-only access. A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository. They are often used to
See what launched at GitHub Universe
Missed the main event? Learn more about everything that launched at GitHub Universe, from GitHub for mobile and a redesigned notifications experience to the GitHub Archive Program.
Read the day one keynote recapSecure the world's code, together
On day two of GitHub Universe, we announced GitHub Security Lab, bringing together security researchers, maintainers, and companies across the industry to secure open source.
Read the day two keynote recap