Search results for: Search

The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.

The State of the Octoverse analyzes data from millions of developers & repos to share trends across working habits, productivity, and career satisfaction.

To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time.

During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!

Here are a few ways our teams use GitHub Discussions internally to build community, simplify workflows, and get key insights into our work.

Developers and security researchers using the CodeQL CLI and VS Code extension can now build databases and analyze code on machines powered by Apple Silicon (e.g. Apple M1). In order…

GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of…

When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.

This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.

A command palette beta is now available for all users across github.com. Quickly navigate to your organizations and repositories, and use modes to find and jump-to pull requests, issues, projects,…

Since we introduced the new GitHub Issues earlier this year in a private beta, we’ve been working hard to expand access to all developers in order to make GitHub the…

GitHub is where developers come to learn and celebrate what’s new in open source, and where maintainers share, collaborate and celebrate their community’s work. Starting today, two improvements to the…

Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.

This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of…

As part of our ongoing commitment to ensure GitHub’s conferences are accessible and inclusive to people from all walks of life, we’re offering 30-minute, 1:1 micro-mentoring sessions with GitHub employees.

GitHub Secret Scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and fraudulent uses of secrets that…

Giving back to open source projects is a great way to practice skills you don’t get to use in your day job. Check out ways to get involved!

Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.

Since our last update, we’ve continued to improve the GitHub Issues beta to expand the capabilities of both project tables and boards. Here are some of the recent ships: 🤖…