Token scanning inside ZIP files

GitHub token scanning now scans inside any zip-encoded file. This covers files with a .zip extension and many other common file formats, like .xlsx and .numbers, that are zip-encoded. These scans are in addition to the existing scans of the text content of every commit to every public repository. In all cases, we scan for both GitHub tokens and tokens for a number of our partners.
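A sketch of scanning by container format rather than by file extension, added here as an illustration; it is not GitHub's implementation. The `EXAMPLETOKEN_` pattern, the size and depth limits, and the helper names `scan_blob` and `build_sample_xlsx` are assumptions made for this example.

```python
import io
import re
import zipfile

# Hypothetical token format for this example only; real scanners match
# issuer-specific patterns supplied by each service provider.
TOKEN_RE = re.compile(rb"EXAMPLETOKEN_[A-Za-z0-9]{24}")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # cap decompressed size (zip-bomb guard)
MAX_DEPTH = 2                        # cap recursion into nested archives


def scan_blob(path, data, depth=0):
    """Return [(path, token)] for one file, descending into zip-encoded content."""
    findings = [(path, m.group().decode()) for m in TOKEN_RE.finditer(data)]
    # Decide by content, not extension: .xlsx and .numbers are zip containers.
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue  # declared size too large; skip rather than inflate
            try:
                with zf.open(info) as fh:
                    member = fh.read(MAX_MEMBER_BYTES + 1)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue  # encrypted, unsupported or corrupt member
            if len(member) <= MAX_MEMBER_BYTES:  # defensive re-check after inflating
                findings += scan_blob(f"{path}!{info.filename}", member, depth + 1)
    return findings


def build_sample_xlsx(token):
    """Constructed sample: a minimal zip laid out like a spreadsheet package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/sharedStrings.xml", f"<sst><si><t>{token}</t></si></sst>")
    return buf.getvalue()


if __name__ == "__main__":
    sample_token = "EXAMPLETOKEN_" + "A1b2C3d4E5f6G7h8I9j0K1l2"  # constructed value
    for hit in scan_blob("report.xlsx", build_sample_xlsx(sample_token)):
        print(hit)
```

A plain-text search of the compressed spreadsheet would miss the token, because deflate rewrites the member's bytes; only the member-level pass reports it.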

When GitHub detects a set of credentials, we notify the service provider who issued the token. The service provider validates the credential and then decides whether they should revoke the token, issue a new token, or reach out to you directly, which will depend on the associated risks to you or the service provider. These steps can protect you from data loss and from unexpected large bills from your service providers.

Learn more about how to become a token scanning partner

We ran into an issue during our planned move of the GitHub and Slack integration to a new data center on Saturday, March 14 and were unable to complete it. The issue has been resolved and the move is now scheduled for Saturday, March 21, 2020 from 4-5 PM (Pacific).

During this time, slash commands (like /github subscribe), link previews (unfurls), and notifications will not be available from Slack. No other services will be impacted.

Thank you for your understanding as we work to improve the integration between GitHub and Slack.

Starting today, we will assign CVE IDs to security vulnerabilities affecting GitHub Enterprise Server. We will continue to document security fixes in the release notes as they are today, and now we will also mention if a CVE has been assigned to the issue.

As a CVE Numbering Authority for our products, GitHub can issue CVEs for security vulnerabilities affecting GitHub Enterprise Server. By doing so, we will give administrators a consistent way to be aware of and identify the security risks of outdated versions.

Learn more about CVE Identifiers and stay up to date with the latest GitHub Enterprise Server releases
