Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here's what we found.
Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.
Ensuring that software copyright allegations are specific and actionable benefits the entire developer ecosystem. That’s why GitHub submitted a “friend of the court” brief in the SAS Institute, Inc. v. World Programming Ltd. case before a Federal Court of Appeals.
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
GitHub’s Developer Defense Fund will enable independent legal support from the Stanford Juelsgaard Clinic to review and handle appropriate DMCA cases for developers on GitHub and across the software ecosystem.
GitHub’s supply chain security features are now available for Go modules, which will help the Go community discover, report, and prevent security vulnerabilities.
GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and…
One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and…
Today we’re introducing The ReadME Podcast, a GitHub podcast that takes a peek behind the curtain of some of the most impactful open source projects, and the developers who make…
GitHub has been at the forefront of security key adoption for many years. We were an early adopter of Universal 2nd Factor ("U2F") and were also one of the first…
Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…
At GitHub, we believe in the extraordinary potential and power of a diverse, collaborative developer community to accelerate human progress. Just look at the first-ever powered flight on another planet…