Category

Security

Weak cryptographic standards removed

Earlier today we permanently removed support for the following weak cryptographic standards on github.com and api.github.com: TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and Git connections to…

Patrick Toomey

Introducing security alerts on GitHub

Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in JavaScript and Ruby. Today, for…

Miju Han

GitHub’s post-CSP journey

Last year we shared some details on GitHub's CSP journey. A journey was a good way to describe it, as our usage of Content Security Policy (CSP) significantly changed from…

Patrick Toomey

GitHub’s CSP journey

We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…

Patrick Toomey