Removing the stigma of a CVE
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
GitHub Blog Search
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
We’re kicking off InFocus, a global virtual event focused on accelerating, securing, and improving the way software development teams work.
We’re releasing exciting improvements that will streamline your Codespaces experience when working with multi-repository projects and monorepos.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Enterprise admin only policy for outside collaborators
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
Secret scanning custom pattern events now in the audit log
In March, we experienced several incidents resulting in significant impact to multiple GitHub services.
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
From automating builds and releases to taking care of large-scale regression testing, here are a few ways we use GitHub Actions to build GitHub.
Secret scanning prevents secret leaks with protection on push
Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature.
We believe our technical interviews should be as similar as possible to the way we work at GitHub.
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We've seen bad actors expand their focus to taking over user…