A call for feedback on our policies around exploits and malware
April 30, 2021 update: Thank you to everyone who's weighed in on the discussion so far. I've commented in the pull request to clarify a few points based on initial…
Category
April 30, 2021 update: Thank you to everyone who's weighed in on the discussion so far. I've commented in the pull request to clarify a few points based on initial…
GitHub Actions provide a powerful, extensible way to automate software development workflows. When access to outside resources is required, GitHub provides the ability to store encrypted secrets used by GitHub…
We're excited to share a deep dive into how our new authentication token formats are built and how these improvements are keeping your tokens more secure. As we continue to…
GitHub Advanced Security helps you create secure applications with a community-driven, developer-first approach. Today, we are excited to announce two updates: Beta of the new security overview for organizations and…
When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of…
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…
Today, the Git project released new versions to address CVE-2021-21300: a security vulnerability in the delayed checkout mechanism used by Git LFS during git clone operations affecting versions 2.15 and…
Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out…
Save the date! March 17 to 21, take your chance with the GitHub CTF “A Call to Hacktion!” What is a CTF? In software security, a Capture the Flag (CTF)…
Software security doesn't end at the boundaries of your own code. The moment a library dependency is introduced, you're adopting other people’s code and any bugs that come with it.…
The world runs on software, and a large portion of it, especially the open source software that’s part of everything we experience, is built by millions of developers on GitHub…
Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We…