Search results for: Search

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.

Policymakers around the world are developing policies that impact how software gets built and who gets to build it, see the latest now.

Today’s Changelog brings you updates to workflows, roadmaps, our API and makes cross organization projects a breeze! ➕ Automatically add items from multiple repositories Last month, we shared the latest…

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.

GitHub Copilot boosts developer productivity, but using it responsibly still requires good developer and DevSecOps practices.

Learn about CodeQL’s improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.

Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.

GitHub Copilot is the world’s first at-scale AI developer tool and we’re now offering it to every developer, team, organization, and enterprise.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

CodeQL is the engine that powers GitHub code scanning, used by more than 100,000 repositories to catch security vulnerabilities before they cause issues in deployments. CodeQL is fully integrated into…

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Below are my prepared remarks delivered at the EU Open Source Policy Summit in Brussels on Feb 3rd.

The DEI Resource Hub is a vetted collection of resources, tools, and best practices designed to help open source maintainers create and maintain inclusive and diverse open source communities.

Today we are announcing the public beta of roadmaps in GitHub Projects! 🎉 Last November at GitHub Universe, we announced the private beta for roadmap. With your help and feedback…

Object Graph Notation Language (OGNL) is a popular, Java-based, expression language used in popular frameworks and applications, such as Apache Struts and Atlassian Confluence. Learn more about bypassing certain OGNL injection protection mechanisms including those used by Struts and Atlassian Confluence, as well as different approaches to analyzing this form of protection so you can harden similar systems.

There are now 100 million developers around the world using GitHub. Here’s what this means—and why it’s just the beginning.

We’re excited to share the newest addition to our GitHub Bug Bounty Program!

It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnerability to gain arbitrary kernel code execution and root on a Pixel 6 from an Android app.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud. We have partnered…

Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.

Support for GitHub CLI extensions has been expanded with new authorship tools and more ways to discover and install custom commands. Learn how to write powerful extensions in Go and find new commands to install.