Accelerate security adoption in your organization
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
GitHub Blog Search
Search Results for: Authentication
GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
GitHub Enterprise Server 3.3 enhances CI/CD and adds a new security manager role
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.
Expiration dates of SAML-authorized PATs available via API
Expiration dates of SAML-authorized PATs available via API
GitHub Actions: Secure cloud deployments with OpenID Connect
GitHub Actions: Secure cloud deployments with OpenID Connect
Everything new from Universe 2021
Since last year’s GitHub Universe, we’ve shipped more than 20,000 improvements to GitHub for developers, open source communities, and enterprise teams. Here’s a comprehensive overview of what we’re announcing at Universe this week.
What’s new from GitHub Changelog? September 2021 recap
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
Student developer resources you won’t find in the classroom
Heading back to school? Did you just graduate? The GitHub Education Stream Team (GEST) is sharing resources, tools, and more to help emerging developers land a job.
GitHub security update: revoking weakly-generated SSH keys
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client - GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.
Cybersecurity spotlight on bug bounty researchers @chen-robert and @ginkoid
GitHub's bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.
Announcing npm’s new access token format
npm access tokens will now follow the established format of GitHub authentication tokens.
What’s new from GitHub Changelog? August 2021 Recap
What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.
Improving Git protocol security on GitHub
We’re changing which keys are supported in SSH and removing unencrypted Git protocol. Only users connecting via SSH or git:// will be affected. If your Git remotes start with https://, nothing in this post will affect you. If you’re an SSH user, read on for the details and timeline.
What’s new from GitHub Changelog? July 2021 Recap
A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.
Sunset Notice: OAuth Application API
As previously announced, on August 11 2021 at 14:00 UTC, GitHub will be removing the OAuth Application API to avoid unintentional logging of in-transit access tokens. Please refer to this…
Seven years of the GitHub Security Bug Bounty program
GitHub’s bug bounty program is now a mature component of how we improve product security. We're excited to highlight some achievements (and interesting vulnerabilities)!
What’s new from GitHub Changelog? May 2021 Recap
In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.