GitHub Enterprise Server 3.6 is now generally available
GitHub Enterprise Server 3.6 is now generally available
GitHub Blog Search
Search Results for: Security
Dependabot alerts are ranked by most important priority at the organization level
Dependabot alerts are ranked by most important priority at the organization level
The next step for LGTM.com: GitHub code scanning!
Today, GitHub code scanning has all of LGTM.com’s key features—and more! The time has therefore come to announce the plan for the gradual deprecation of LGTM.com.
Secret scanning: Organization admins can dry run custom patterns across all repositories
Secret scanning: Organization admins can dry run custom patterns across all repositories
GitHub Pages now uses Actions by default
As GitHub Pages, home to 16 million websites, approaches its 15th anniversary, we’re excited to announce that all sites now build and deploy with GitHub Actions.
Advisory Database supports GitHub Actions advisories
Advisory Database supports GitHub Actions advisories
Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
5 simple things you can do with GitHub Packages to level up your workflows
From hosting private packages in a private repository to tightening your security profile with GITHUB_TOKEN, here are five simple ways you can streamline your workflow with GitHub Packages.
Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action
Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action
The GitHub Enterprise Server 3.6 Release Candidate is available
The GitHub Enterprise Server 3.6 Release Candidate is available
Dependabot alerts: timeline of events on the alert details page
Dependabot alerts: timeline of events on the alert details page
Secret scanning: Admins now receive emails when contributors bypass a push protection block
Secret scanning: Admins now receive emails when contributors bypass a push protection block
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
Secret scanning: Admins can now sort and filter their custom patterns
Secret scanning: Admins can now sort and filter their custom patterns
Dependency graph adds package metadata for Rust dependencies
The dependency graph now shows additional metadata for Rust dependencies, and listed dependencies link back to the GitHub repositories for the package if available. Learn more about the dependency graph.
6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline.
Code scanning enterprise-level REST API
GitHub Advanced Security customers can now retrieve repository code scanning results at the enterprise level via the GitHub REST API. This new endpoint supplements the existing repository-level and organization-level endpoints.…
Dependabot alerts are now ranked by most important priority
Dependabot alerts will now be easier to prioritize with a new “Most Important” sort. For the alerts repository list view, by default, alerts will be sorted in a way to…
Sendinblue is now a GitHub secret scanning partner
Sendinblue is now a GitHub secret scanning partner