Audit log streaming to AWS S3 integration with AWS CloudTrail Lake
Audit log streaming to AWS S3 integration with AWS CloudTrail Lake
GitHub Blog Search
Search Results for: Security
Action needed for GitHub Desktop and Atom users
Update to the latest version of Desktop and previous version of Atom before February 2.
Bypassing OGNL sandboxes for fun and charities
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
Enable private vulnerabilty reporting organization-wide
Enable private vulnerabilty reporting organization-wide
Introducing the GitHub Bug Bounty swag store
We're excited to share the newest addition to our GitHub Bug Bounty Program!
Pwning the all Google phone with a non-Google bug
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnerability to gain arbitrary kernel code execution and root on a Pixel 6 from an Android app.
Twilio Segment is now a GitHub secret scanning partner
Twilio Segment is now a GitHub secret scanning partner
Secret scanning users can now see the validity of detected GitHub tokens
Secret scanning users can now see the validity of detected GitHub tokens
The crates.io registry is now a GitHub secret scanning integrator
The crate.io registry is now a GitHub secret scanning integrator
False-alert flags will appear in audit logs due to a bug in branch protections
False-alert flags will appear in audit logs due to a bug in branch protections
Remediation made simple: Introducing new validity checks for GitHub tokens
GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.
Dependabot alerts are now visible to more developers
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.
3 common DevOps antipatterns and cloud native strategies that can help
Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.
A smarter, quieter Dependabot
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
Passwordless deployments to the cloud
Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).
GitHub Actions: OpenID Connect token now supports more claims for configuring granular cloud access
GitHub Actions: OpenID Connect token now supports more claims for configuring granular cloud access
Introducing required workflows and configuration variables to GitHub Actions
Now, you can standardize and enforce CI/CD best practices across all repositories in your organization to reduce duplication and secure your DevOps processes.