Search results for: REST API

Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.

This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

In November, we experienced one incident resulting in significant impact and degraded state of availability for multiple services.

CodeQL code scanning now recognizes more Python libraries and frameworks

The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.

In this post, I’ll use three bugs that I reported to Qualcomm in the NPU (neural processing unit) driver to gain arbitrary kernel code execution as root user and disable SELinux from the untrusted app sandbox in an Android phone.

To celebrate this most recent release, here’s GitHub’s look at some of the most interesting features and changes introduced since last time.

What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for…

During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!

Export GitHub Advanced Security license usage data

Here are a few ways our teams use GitHub Discussions internally to build community, simplify workflows, and get key insights into our work.

In October, we experienced one incident resulting in significant impact and degraded state of availability for the GitHub Codespaces service.

New Codespaces features launching at Universe 2021

This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

The Northern Hemisphere has hit fall, and the southern is starting to warm into summer. September has been a busy time for our community. Maintainers have been getting their repositories…

If you think about it, 13kB isn’t really a lot. The image above is 81kB. This page weighs over 3MB (waaay more if you include the videos). That’s why it’s…

GitHub Releases has a new look and updated tools to make it easier for open source communities to create and share high-quality releases with auto-generated release notes.

This post is a technical analysis of a recently disclosed Chrome JIT vulnerability (CVE-2021-30632) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 13, 2021 in Chrome version 93.0.4577.82. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

In 2019, to meet GitHub’s growth and availability challenges, we set a plan in motion to improve our tooling and ability to partition relational databases.

During an audit of Apache Dubbo v2.7.8 source code, I found multiple vulnerabilities enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers. In this blog post I detailed how I leveraged CodeQL as an audit oracle to help me find these issues.

If you’re a GitHub Enterprise Cloud customer, you can now set up a stream of audit log and Git events to Splunk or an Azure Event Hub.