
Six years of the GitHub Security Bug Bounty program
Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.
Learn more about how we found ways to scale our vulnerability hunting efforts and empower others to do the same. In this post, we take a deep dive into the remediation of a security vulnerability with CERT.
Learn more about what’s behind the scenes with GitHub vulnerability alerts.
Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.
On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.
Software security is a collective problem, a responsibility that involves producers and consumers of code, open source maintainers, security researchers, and security teams. At GitHub, we want to give the community the tools it needs to secure the software we all depend on.
Today we’re announcing a big step in securing the open source supply chain: we’re welcoming Semmle to GitHub.
The dependency graph is rolling out for all PHP repositories with Composer dependencies. In addition to Composer, GitHub supports package managers for many other programming languages, including Maven, npm, Yarn, and NuGet.
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
Token scanning has reached a new milestone: one billion tokens identified. We’ve also added five new partners—Atlassian, Dropbox, Discord, Proctorio, and Pulumi.
Commit signing is now enabled for all bots by default.
We’re celebrating an exciting milestone with one million Dependabot pull requests merged.
Yarn now supports security alerts for public and private repositories.
It’s more important than ever that every developer becomes a security developer—that they responsibly disclose vulnerabilities and patch vulnerable code quickly. Today, we’re excited to announce several new security features designed to make it easier for developers to secure their code.
Today, Atlassian Bitbucket, GitHub, and GitLab are issuing a joint blog post in a coordinated effort to help educate and inform users of the three platforms on secure best practices relating to the recent Git ransomware incident. Though there is no evidence Atlassian Bitbucket, GitHub, or GitLab products were compromised in any way, we believe it’s important to help the software development community better understand and collectively take steps to protect against this threat.