Search results for: Authentication

Git 2.46 is here with new features like pseudo-merge bitmaps, more capable credential helpers, and a new git config command. Check out our coverage on some of the highlights here.

In this blog post, we’ll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.

GitHub is committed to a secure software ecosystem and requires most developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA).To ensure that all…

For security and convenience, we’ve updated how the account picker can be triggered during sign-in to an OAuth or GitHub Application. Some apps will see it all of the time,…

We’ve updated how we calculate Last Activity to give you better clarity and are pausing access to the Team endpoint in the Metrics API. Updating the Last Activity calculation Ahead…

Learn how to use CodeQL for security research and improve your security research workflow.

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.

Starting today for GitHub Enterprise Cloud and as part of GitHub Enterprise Server version 3.13, enterprise and organization audit log events will include the applicable SAML and SCIM identity data…

New customers of GHEC enterprise managed users (EMUs) can now use the SSO and SCIM providers of their choice, separate from one another, for a more flexible approach to user…

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.4 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL…

With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.

CodeQL is the static analysis engine that powers GitHub code scanning. CodeQL version 2.16.3 has been released and has now been rolled out to code scanning users on GitHub.com. Important…

Explore the capabilities and benefits of AI code generation, and how it can improve the developer experience for your enterprise.

We listened to your feedback and released new versions (v4) of actions/upload-artifact and actions/download-artifact. While this version of the actions to upload and download artifacts includes up to 10x performance improvements and several new features, there are also key differences from previous versions that may require updates to your workflows.

In December, we experienced three incidents that resulted in degraded performance across GitHub services.

GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys.

If you are signed into multiple accounts on GitHub.com, you’ll be able to pick between them when you sign in using the device flow. This authentication method is typically used…

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data…

Read a round-up of the exciting, new innovation coming from GitHub Enterprise.

This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.