How empowering developers helps teams ship secure software faster
AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals.
Category
Security
How GitHub converts previously encrypted and unencrypted columns to ActiveRecord encrypted columns
This post is the second part in a series about ActiveRecord::Encryption that shows how GitHub upgrades previously encrypted and unencrypted columns to ActiveRecord::Encryption.
Creating a more inclusive security research field
A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.
Cybersecurity spotlight on bug bounty researcher @ahacker1
As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.
What we learned from the Security Lab’s Community Office Hours
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.
Why and how GitHub encrypts sensitive database columns using ActiveRecord::Encryption
You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard.
Why we’re excited about the Sigstore general availability
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
Git security vulnerabilities announced
Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode.
Introducing fine-grained personal access tokens for GitHub
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens.
5 tips for embedding security into your workflows
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.
Introducing GitHub Advanced Security SIEM integrations for security professionals
Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started.
View GitHub code scanning findings directly in VS Code and GitHub Codespaces
Developers can now view GitHub code scanning findings directly in VS Code and GitHub Codespaces. The new Microsoft SARIF Viewer extension gives developers direct access to their code scanning results, making remediating vulnerabilities easier than ever.
GitHub’s supply chain security features now support Dart
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.
Best practices on rolling out code scanning at enterprise scale
Learn best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.