
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Repository administrators can now configure how often/when prebuild configurations for a given branch should be updated. Prebuilds enable developers to start up Codespaces in seconds – regardless of repository size or…
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
The audit log now includes events associated with secret scanning custom patterns. This data helps GitHub Advanced Security customers understand actions taken on their repository, organization, or enterprise level custom…
The new dependency review action and API prevent the introduction of known supply chain vulnerabilities into your code.
Organization members and teams can now be granted a moderator role. Organization moderators are able to: block and unblock users from the organization; manage organization interaction limits; manage repository interaction…
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
A CODEOWNERS file defines the users or teams responsible for different parts of your repository, and helps ensure the right people are included in pull request reviews. We’ve shipped some…
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
A deep dive into how GitHub adds support for new languages to CodeQL.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.
This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.