This month on The ReadME Podcast: exploring the fusion of technology and progress
Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.
GitHub Blog Search
Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.
Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.
Learn more about static analysis and how to use it for security research! In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
Code scanning API to enable default setup with CodeQL on a repository
Security advisories now have multiple types of credits
A deep dive into why more people are using Python than ever, its key use cases, and why it’s still so popular 30-plus years after it was first released.
Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.
Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.
Secret scanning emits audit log events for custom pattern push protection enablement
GitHub’s search inputs have several complex accessibility considerations. Let’s dive into what those are, how we addressed them, and talk about the standalone, reusable component that was ultimately built.
Before you say it, yes, the October Release Radar was supposed to be shared in November. But with Hackatoberfest, GitHub Universe, Turkey Day, and in real life (IRL) conferences returning…