Found means fixed: Secure code more than three times faster with Copilot Autofix
With Copilot Autofix, developers and security teams can keep new vulnerabilities out of code and confidently remediate their backlog security debt.
Five actionable tips and strategies to supercharge developer happiness—and a more innovative workplace.
In this post, I’ll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
Explore how AI coding tools like GitHub Copilot can accelerate your journey to learn new programming languages.
Deprecation of enum field “detached” from the “get repositories associated with a code security configuration” endpoint
GitHub Staff Engineer Sarah Vessels discusses her philosophy of code review, what separates good code review from bad, her strategy for finding and reviewing code, and how to get the most from reviews of her own code.
In this blog post, we’ll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.
An interview with economic researchers who are applying causal inference techniques to analyze the effect of generative AI tools on software development activity.
Pre-defined organization roles that grant access to all repositories
Drag-and-drop is a highly interactive and visual interface. We often use drag-and-drop to perform tasks like uploading files, reordering browser bookmarks, or even moving a card in solitaire.
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.
Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.
Actions: Upcoming changes to GitHub-hosted macOS runners
Learn how to use CodeQL for security research and improve your security research workflow.
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
Dependabot Updates on Actions for GitHub Enterprise Cloud and Free, Pro, and Teams Users
This Earth Day, we discuss how tech and open source are helping two organizations combat the effects of a changing climate.
Ten years of our global developer event! Celebrate with us by picking up in-person tickets today. It’s bound to be our best one yet.
In March, we experienced two incidents that resulted in degraded performance across GitHub services.