The Copyright Office expands your security research rights
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
GitHub Blog Search
Search Results for: Security
Accelerate security adoption in your organization
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
Highlights from GitHub’s security roadmap at Universe 2021
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here's what we've got planned!
Export GitHub Advanced Security license usage data
Export GitHub Advanced Security license usage data
GitHub Enterprise Server 3.3 enhances CI/CD and adds a new security manager role
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.
Blue-teaming for Exiv2: three rules of bug fixing for better OSS security
When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.
Blue-teaming for Exiv2: creating a security advisory process
This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.
Cybersecurity spotlight on bug bounty researcher @yvvdwf
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program: @yvvdwf
GitHub Actions for security and compliance
GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.
Introducing the organization-level security manager role
Introducing the organization-level security manager role
GitHub security update: revoking weakly-generated SSH keys
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client - GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.
Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
GitHub's bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.
GitHub Enterprise Server 3.2 brings new color modes and added security capabilities
GitHub Enterprise Server 3.2 is available today as a release candidate.
An analysis on developer-security researcher interactions in the vulnerability disclosure process
We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here's what we found.
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.
Improving Git protocol security on GitHub
We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.
15+ new code scanning integrations with open source security tools
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
Security alert digests now follow watching settings
Security alert digests now follow watching settings
GitHub’s supply chain security features now support Go modules
GitHub's supply chain security features now support Go modules
GitHub brings supply chain security features to the Go community
GitHub’s supply chain security features are now available for Go modules, which will help the Go community discover, report, and prevent security vulnerabilities.