Using GitHub’s security features to help identify Log4j exposure in your codebase
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.
Category
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.
Defining your security requirements is the most important proactive control you can implement for your project. Here's how.
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
Today we're introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab's @kevinbackhouse describes enrolling a project.
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here's what we've got planned!
When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.
This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.
GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.