Search results for: GitHub Actions

Starting today, Dependabot will be able to auto-dismiss npm alerts that have limited impact (e.g. long-running tests) or are unlikely to be exploitable. With this ship, Dependabot will cut false…

Open source’s impact on nuclear fusion research, adapting to technological change, and mastering GitHub essentials.

You can now create new repositories with pre-filled form fields, making it even easier to define the right info for your new repos from the start. There are a number…

Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.

In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.

A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.

Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.

Today we are announcing the general availability (GA) of roadmaps in GitHub Projects! 🎉 🗺 Roadmaps for all Since we announced the public beta of roadmaps earlier this year, we’ve…

Code scanning have shipped an API for repositories to programmatically enable code scanning default setup with CodeQL. The API can be used to: Onboard a repository to default setup: gh…

Starting on March 15, 2023, GitHub Team plan customers will be able to create, manage and delete runner groups to better manage their hosted and self hosted runners. Enterprise customers…

You can now designate different types of credits to users who contribute to GitHub security advisories. These new credit types mirror those in the CVE 5.0 schema: finder reporter analyst…

A deep dive into why more people are using Python than ever, its key use cases, and why it’s still so popular 30-plus years after it was first released.

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.

Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.

CodeQL is the engine that powers GitHub code scanning, used by more than 100,000 repositories to catch security vulnerabilities before they cause issues in deployments. CodeQL is fully integrated into…

Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.

In the spirit of continuing to improve our invitation experience, we are bringing a few more enhancements to the UI and APIs to better support invitation management experiences. From today…

On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the…

Explore how GitHub and cloud native strategies can help you address common DevOps pipeline and team antipatterns.

GitHub Advanced Security customers can view an event in their organization or enterprise audit log when an admin enables or disables push protection for a custom pattern at the repository,…

GitHub’s search inputs have several complex accessibility considerations. Let’s dive into what those are, how we addressed them, and talk about the standalone, reusable component that was ultimately built.