Search results for: GitHub Actions

Our response to the war in Ukraine
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.

CODEOWNERS improvements (syntax errors, preview of who will be requested, and more)
CODEOWNERS improvements (syntax errors, preview of who will be requested, and more)

Code scanning finds more vulnerabilities using machine learning
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.

Code scanning and Ruby: turning source code into a queryable database
A deep dive into how GitHub adds support for new languages to CodeQL.

Top-100 npm package maintainers now require 2FA, and additional security-focused improvements to npm
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.

2021 Transparency Report
In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.

Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.

How to define security requirements for your OSS project
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

Write more secure code with the OWASP Top 10 Proactive Controls
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

The Copyright Office expands your security research rights
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.

Make your monorepo feel small with Git’s sparse index
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.

Chrome in-the-wild bug analysis: CVE-2021-37975
This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.

The fugitive in Java: Escaping to Java to escape the Chrome sandbox
In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.

2021 Transparency Report: January to June
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.

Release Radar · Mid-year 2021 Edition
It’s been a busy time of the year for our Hubbers (GitHub employees). We’ve been shipping products, getting ready for launches, and taking some much needed time off for the…

Adding support for cross-cluster associations to Rails 7
At GitHub, we recently added a new feature to Rails that will be available in 7.0: support for handling associations across database clusters.

Code scanning: Diagnostic information is available!
Code scanning: Diagnostic information is available!

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.