![](https://github.blog/wp-content/uploads/2024/02/Security-LightMode-1-1.png?resize=400%2C212)
Now you C me, now you don’t: An introduction to the hidden attack surface of interpreted languages
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…
Administrators and users can suspend any GitHub App’s access for as long as needed, and unsuspend the app on command.
In this post, hear from @stevemar, a Senior Technical Staff Member at IBM, about a new GitHub Starter Workflow for developers deploying containerized applications to IBM Cloud Kubernetes Service. Here…
GitHub Actions allows you to automate your workflow. Connect with the tools you know and love, and have more freedom to innovate and be creative. With GitHub Actions, you can…
What is the Availability Report? Historically, GitHub has published post-incident reviews for major incidents that impact service availability. Whether we’re sharing new investments to infrastructure or detailing site downtimes, our…
In this post I’ll show how input validation which should be used to prevent malformed inputs to enter our applications, open up the doors to Remote Code Execution (RCE).
ICYMI: docs.github.com is the new place to discover all of GitHub’s product documentation! We recently completed a major overhaul of GitHub’s documentation websites. When you visit docs.github.com today, you’ll see…
GitHub Actions allows you to automate your workflow. With GitHub Actions, you can deploy to any cloud, build containers, automate messages, and do so much more. Use any tool you…
GitHub Enterprise Server 2.21 is now available with updates to simplify collaboration, increase reliability and improve security.
Setting up a new repository with all the right linters for the different types of code can be time consuming and tedious. So many tools and configurations to choose from…
Background Machine Learning Operations (or MLOps) enables Data Scientists to work in a more collaborative fashion, by providing testing, lineage, versioning, and historical information in an automated way. Because the…
This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.
We examine the dangers of network integer arithmetic based on a case study of security vulnerabilities reported to the ntop project.
In this post I’ll show how garbage collections (GC) in Chrome may be triggered with small memory allocations in unexpected places, which was then used to cause a use-after-free bug.
GitHub Actions continues its community momentum and ships new features for enterprises and developers.
From GitHub Actions and magic URLs to gists, check out Jason Etcovich’s top ten tips and tricks to help you hack your GitHub experience.
Check out Lee Reilly’s top ten tips and tricks to help you hack your GitHub experience. You won’t believe tip number eight!
In-depth analysis of February service disruptions that impacted GitHub services.
Learn more about the Bug Bounty program, including a recap of 2019’s bugs, our expanded scope, new features, and more.
We’ve taken further steps to ensure that our people can be safe and productive wherever they are, and that our community’s home on GitHub remains reliable and resilient.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.