Secret scanning: Admins now receive emails when contributors bypass a push protection block
Secret scanning: Admins now receive emails when contributors bypass a push protection block
GitHub Blog Search
Search Results for: Security
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
Secret scanning: Admins can now sort and filter their custom patterns
Secret scanning: Admins can now sort and filter their custom patterns
Dependency graph adds package metadata for Rust dependencies
The dependency graph now shows additional metadata for Rust dependencies, and listed dependencies link back to the GitHub repositories for the package if available. Learn more about the dependency graph.
6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline.
Code scanning enterprise-level REST API
GitHub Advanced Security customers can now retrieve repository code scanning results at the enterprise level via the GitHub REST API. This new endpoint supplements the existing repository-level and organization-level endpoints.…
Dependabot alerts are now ranked by most important priority
Dependabot alerts will now be easier to prioritize with a new “Most Important” sort. For the alerts repository list view, by default, alerts will be sorted in a way to…
Sendinblue is now a GitHub secret scanning partner
Sendinblue is now a GitHub secret scanning partner
Managing a game dev community with GitHub Actions
A Little Game Called Mario is an open source, collectively developed hell project. Anyone and everyone is welcome to contribute their unique talents to make both the player and developer experience more enjoyable. Find out how the collective leverages GitHub Actions to manage this wonderful little community.
Extend your dependency information in the GitHub Dependency Graph with new GitHub Actions
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
The Chromium super (inline cache) type confusion
In this post I'll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I'll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
Dependabot alerts: Dependency scope filter via GraphQL API
Dependabot alerts: Dependency scope filter via GraphQL API
GitHub Advisory Database now includes Erlang and Elixir advisories
GitHub Advisory Database now includes Erlang and Elixir advisories
GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Secret scanning’s REST API endpoints now support cursor-based pagination
Secret scanning's REST API endpoints now support cursor-based pagination
View code scanning alerts across your enterprise (Public Beta)
View code scanning alerts across your enterprise (Public Beta)
What’s new in Codespaces for Organizations
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces.