Search results for: triage

Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.

Experts explain how to recruit and onboard co-maintainers.

Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.

Hear from Grafana Labs’ Armand Grillet about how his team uses GitHub Projects.

The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.

Explore how the GitHub Docs team uses GitHub Projects for content coordination, reviews, and publishing.

Category Forms allow maintainers to create templates for their GitHub Discussions, which means that users can start new discussions with all the necessary information already included.

GitHub Mobile helps keep work going while you’re going. Untether yourself from your office.

Privately report vulnerabilities to repository maintainers

GitHub Enterprise Server 3.7 is available now, including a single view of code risk, new forking and repository policies, and security enhancements to the management console.

Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.

Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.

Custom repository role creation APIs are now available in public beta

This month’s featured open source project, Open Sauced, connects contributors and maintainers through analytical insights.

The Rust community can now discover, report, and prevent security vulnerabilities.

View and edit projects(beta) custom fields on GitHub Mobile

A comprehensive guide for vulnerability reporters.

The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.

GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.

Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.