GitHub’s supply chain security features now support Dart
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
GitHub Blog Search
Search Results for: Security
Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.
Dependabot security updates removes unneeded transitive dependencies
Dependabot security updates removes unneeded transitive dependencies
Security alert: new phishing campaign targets GitHub users
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.
Update and configure code security enablement settings via the organization REST API
Update and configure code security enablement settings via the organization REST API
What you can expect at GitHub Universe 2022: cloud, security, community, and AI
Register now to attend GitHub Universe virtually or in-person at the Yerba Buena Center for the Arts in San Francisco on November 9-10.
False-alert flags will appear in users security log due to a bug in 2FA recovery events
False-alert flags will appear in users security log due to a bug in 2FA recovery events
Security overview is now available to all GitHub Enterprise users
Security overview is now available to all GitHub Enterprise users
New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
All GitHub Enterprise users now have access to the security overview
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
REST API now available for the organization-level security manager role (Public Beta)
REST API now available for the organization-level security manager role (Public Beta)
Introducing even more security enhancements to npm
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
How the GitHub Security Team uses projects and GitHub Actions for planning, tracking, and more
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly.
Improving Git protocol security on GitHub Enterprise Server
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.
GitHub brings supply chain security features to the Rust community
The Rust community can now discover, report, and prevent security vulnerabilities.
What’s new in security and user management for GitHub Enterprise
Learn how you can securely manage users with the latest ships for GitHub Enterprise.
npm security update: Attack campaign using stolen OAuth tokens
npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.
Eight years of the GitHub Security Bug Bounty program
It was another record year for our Security Bug Bounty program. We're excited to highlight some achievements we’ve made together with the bounty community from 2021!
Today’s most common security vulnerabilities explained
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
Software security starts with the developer: Securing developer accounts with 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.