Commit signing support for bots and other GitHub Apps
Commit signing is now enabled for all bots by default.
We’re celebrating an exciting milestone with one million Dependabot pull requests merged.
Yarn now supports security alerts for public and private repositories.
It’s more important than ever that every developer becomes a security developer—that they responsibly disclose vulnerabilities and patch vulnerable code quickly. Today, we’re excited to announce several new security features designed to make it easier for developers to secure their code.
Today, Atlassian Bitbucket, GitHub, and GitLab are issuing a joint blog post in a coordinated effort to help educate and inform users of the three platforms on secure best practices relating to the recent Git ransomware incident. Though there is no evidence Atlassian Bitbucket, GitHub, or GitLab products were compromised in any way, we believe it’s important to help the software development community better understand and collectively take steps to protect against this threat.
The following is a guest post written by Dependabot's co-founder, @greystiel. Modern software often relies on hundreds of open source components, all of which need to be kept secure. Staying on top…
We've extended GitHub Token Scanning to include tokens from cloud service providers and additional credentials.
Learn how we use machine learning to power and build on security alerts and make GitHub more secure.
Finding compromised passwords and two-factor recovery checkups
If you use Python, we can now alert you whenever you depend on vulnerable packages.
As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last…
Earlier today we permanently removed support for the following weak cryptographic standards on github.com and api.github.com: TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and Git connections to…
Last year we announced the deprecation of several weak cryptographic standards. Then we provided a status update toward the end of last year outlining some changes we'd made to make…