This month on The ReadME Podcast: exploring the fusion of technology and progress
Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.
GitHub Blog Search
Search Results for: GitHub Actions
Generative AI-enabled compliance for software development
Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.
Pwning Pixel 6 with a leftover patch
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
Level up monitoring and reporting for your enterprise
A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.
CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
Learn more about static analysis and how to use it for security research! In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
Code scanning API to enable default setup with CodeQL on a repository
Code scanning API to enable default setup with CodeQL on a repository
Security advisories now have multiple types of credits
Security advisories now have multiple types of credits
Why Python keeps growing, explained
A deep dive into why more people are using Python than ever, its key use cases, and why it’s still so popular 30-plus years after it was first released.
Secret scanning alerts are now available (and free) for all public repositories
Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.
2022 Transparency Report
Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.
Bypassing OGNL sandboxes for fun and charities
Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.
3 common DevOps antipatterns and cloud native strategies that can help
Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.
Secret scanning emits audit log events for custom pattern push protection enablement
Secret scanning emits audit log events for custom pattern push protection enablement
Creating an accessible search experience with the QueryBuilder component
GitHub’s search inputs have several complex accessibility considerations. Let’s dive into what those are, how we addressed them, and talk about the standalone, reusable component that was ultimately built.
Release Radar · October 2022 Edition
Before you say it, yes, the October Release Radar was supposed to be shared in November. But with Hackatoberfest, GitHub Universe, Turkey Day, and in real life (IRL) conferences returning…