Search results for: GitHub Actions
Secret scanning alerts now have a timeline and users can add a comment when resolving
Why we signed the Copenhagen Pledge on Tech for Democracy
As the home for developers, we understand the key role our communities play in steering digital transformation and maintaining societal infrastructure. That’s why we choose to drive and support policies and initiatives like the Copenhagen Pledge on Tech for Democracy. We’re committed to working with like-minded organizations, governments, and civil society to make digital technologies work for democracy and human rights, and we encourage you to join us in this pledge.
2022 Transparency Report: January to June
We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve continued with the more granular reporting we began in our 2021 reports.
New request for comments on improving npm security with Sigstore is now open
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities.
Dependency graph has a REST API for submitting dependencies detected at build time
Secret scanning push protection bypasses are now shown in the audit log and API
Configure dependency review for vulnerability severity and license type
How we think about browsers
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
Today’s most common security vulnerabilities explained
We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
Software security starts with the developer: Securing developer accounts with 2FA
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Git Credential Manager: authentication for everyone
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Secret scanning custom pattern events now in the audit log