The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
Default setup is a new way to automatically set up code scanning on your repository, without the use of a .yaml file.
GitHub Enterprise has evolved to support the needs of enterprise administrators, corporate security teams, and individual developers who contribute to open source.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.
Learn how you can securely manage users with the latest ships for GitHub Enterprise.
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
GitHub’s dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package by parsing manifest files, so that you can better manage the security and compliance of your dependencies.
Protect your team’s code with secure software development best practices like setting up SAML/SCIM integrations, enforcing policies to avoid code leakage, and more.
GitHub stores your source code, releases, and a vast amount of invaluable information in issues and pull requests. While GitHub Enterprise Server (GHES), our self-hosted solution, provides great security by default, administrators can take additional steps to further harden their appliance. This post will guide you through the most important settings.
We all play a role in securing the world’s code. No one company can solve things alone, including GitHub, which is why it is critical to combine the energies of…
Now you can define secrets for an organization, making it easier to keep secrets synced across multiple repositories.
Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.
Liran Tal, Developer Advocate at Snyk, shared a few key takeaways and advice from their 2019 Open Source Security Report.
It’s more important than ever that every developer becomes a security developer—that they responsibly disclose vulnerabilities and patch vulnerable code quickly. Today, we’re excited to announce several new security features designed to make it easier for developers to secure their code.
The following is a guest post written by Dependabot’s co-founder, @greystiel. Modern software often relies on hundreds of open source components, all of which need to be kept secure. Staying on top…
GitHub has achieved SOC 2 Type 1 and SOC 1 Type 1 compliance for GitHub Business Cloud.
This post was written by our partners at Sentry—an open source error tracker that helps you prioritize, identify, reproduce, and fix issues. Install Sentry from GitHub Marketplace or the Student…
We want to free up your administrator’s time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be…