Search results for: GitHub Actions

Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.

A deep dive into how GitHub adds support for new languages to CodeQL.

Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.

In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.

When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.

Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.

The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.

This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.

Filtered files on the Pull Request Files Changed tab are now completely hidden from view (not just collapsed). This helps decrease distractions and lets you focus on just the files…

We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.

It’s been a busy time of the year for our Hubbers (GitHub employees). We’ve been shipping products, getting ready for launches, and taking some much needed time off for the…

At GitHub, we recently added a new feature to Rails that will be available in 7.0: support for handling associations across database clusters.

Code scanning with CodeQL now generates diagnostic information for all supported languages. Before analyzing your code, CodeQL first creates a CodeQL database containing all of the important information about your…

polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.

Table of contents Executive summary Key findings Key takeaways for developers and software teams About the study What we found Interruptions and meetings have a large influence on our days…

Pull request and review-related events are now included in the audit log at both the enterprise and organization levels. This helps administrators better monitor pull request activity and ensure security…

The open source community is always hard at work. February’s projects were super hard to pick since there are so many amazing releases. These are exciting new releases from some…