GitHub Advisory Database now open to community contributions
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
Practical tips on how to apply OWASP Top 10 Proactive Control C4.
A comprehensive guide for vulnerability reporters.
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!
When it comes to secure database access, there's more to consider than SQL injection. OWASP Top 10 Proactive Control C3 offers guidance.
GitHub continues to improve account security and developer experience with a new 2FA mechanism in GitHub Mobile on iOS and Android.
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.