
Looking back on the GitHub Security Lab Capture The Flag: CodeQL and chill
One year ago, the security research team at Semmle launched its first Capture the Flag (CTF), as part of the Hack In The Box (HITB) Amsterdam conference. We wanted to…
Category
One year ago, the security research team at Semmle launched its first Capture the Flag (CTF), as part of the Hack In The Box (HITB) Amsterdam conference. We wanted to…
Keeping your dependencies updated is one of the easiest ways to keep the software you build secure. However, while it’s critically important to keep your dependencies updated, in a recent…
Saying thanks is now a core part of the Security Advisory workflow.
Learn more about the security vulnerabilities affecting Git 2.26.1 and older.
Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.
Learn more about how we found ways to scale our vulnerability hunting efforts and empower others to do the same. In this post, we’ll take a deep-dive in the remediation of a security vulnerability with CERT.
Learn more about what’s behind the scenes with GitHub vulnerability alerts.
Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.
On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.
Software security is a collective problem, a responsibility that involves producers and consumers of code, open source maintainers, security researchers, and security teams. At GitHub, we want to give the community the tools it needs to secure the software we all depend on.
Today we’re announcing a big step in securing the open source supply chain: we’re welcoming Semmle to the GitHub.
The dependency graph is rolling out for all PHP repositories with Composer dependencies. In addition to Composer, GitHub supports package managers for many other programming languages, including Maven, NPM, Yarn, and Nuget.
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
Token scanning has reached a new milestone: one billion tokens identified. We’ve also added five new partners—Atlassian, Dropbox, Discord, Proctorio, and Pulumi.
Commit signing is now enabled for all bots by default.