Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.
Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.
Actions: Upcoming changes to GitHub-hosted macOS runners
Learn how to use CodeQL for security research and improve your security research workflow.
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
Dependabot Updates on Actions for GitHub Enterprise Cloud and Free, Pro, and Teams Users
This Earth Day, we discuss how tech and open source are helping two organizations combat the effects of a changing climate.
Ten years of our global developer event! Celebrate with us by picking up in-person tickets today. It’s bound to be our best one yet.
In March, we experienced two incidents that resulted in degraded performance across GitHub services.
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.
Game Bytes is our monthly series taking a peek at the world of gamedev on GitHub—featuring game engine updates, game jam details, open source games, mods, maps, and more. Game on!
[Public Beta] Bring Your Own Identity Provider to Enterprise Managed Users
While AI revolutionizes software development, it still relies on developers to pilot its use. In this blog, we’ll cover the skills that developers need to have for navigating this new AI-powered coding frontier.
Learn how your organization can customize its LLM-based solution through retrieval augmented generation and fine-tuning.
Explore the capabilities and benefits of AI code generation, and how it can improve the developer experience for your enterprise.
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.
Get excited for this month’s Release Radar. Maintainers were hard at work this past month, shipping major updates for you all. Read on for our top staff picks.
Celebrate the first year of GitHub Fund, our first investments, and a brief look of where we’re going.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
