Security

GitHub’s post-CSP journey

Last year we shared some details on GitHub's CSP journey. A journey was a good way to describe it, as our usage of Content Security Policy (CSP) significantly changed from…

Patrick Toomey January 19, 2017

GitHub Enterprise 2.7 is now available with enhanced security and more powerful APIs

A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…

Dirkjan Bussink August 3, 2016

GitHub Security Update: Reused password attack

What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…

Shawn Davenport June 16, 2016

GitHub’s CSP journey

We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…

Patrick Toomey April 12, 2016

Public Key Security Vulnerability and Mitigation

At 8:49am Pacific Time this morning a GitHub user exploited a security vulnerability in the public key update form in order to add his public key to the rails organization.…

Tom Preston-Werner March 4, 2012