Improving Git protocol security on GitHub Enterprise Server
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.
Category
Security
GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
The Android kernel mitigations obstacle race
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.
GitHub now publishes malware advisories in the GitHub Advisory Database
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Introducing Entitlements: GitHub’s open source Identity and Access Management solution
We're excited to announce that we're open sourcing our Identity and Access Management solution: Entitlements.
One developer’s journey bringing Dependabot to GitHub Enterprise Server
A personal story about building the feature you want and sharing it with the world.
GitHub brings supply chain security features to the Rust community
The Rust community can now discover, report, and prevent security vulnerabilities.
What’s new in security and user management for GitHub Enterprise
Learn how you can securely manage users with the latest ships for GitHub Enterprise.
Connecting to a private network from GitHub-hosted Actions runners
Several ways for GitHub-hosted Actions runners to connect to resources on your private network.
GitHub Enterprise Server 3.5 is now generally available
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.
npm security update: Attack campaign using stolen OAuth tokens
npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.
How we use Dependabot to secure GitHub
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.
Eight years of the GitHub Security Bug Bounty program
It was another record year for our Security Bug Bounty program. We're excited to highlight some achievements we’ve made together with the bounty community from 2021!