Search results for: Search

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…

Each month, we highlight open source projects that have shipped major updates. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. We cover what the…

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.

GitHub’s Advisory Database now supports listing malware advisories. You can see them by searching “type:malware” on https://github.com/advisories. If you have enabled Dependabot alerts on your repositories, GitHub will send Dependabot…

To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.

We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.

How can you robustly assert and identify a user’s identity?

Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…

When you visit the GitHub Advisory Database, you can now search for any historical advisory recognized by the National Vulnerability Database. Previously, we only displayed advisories from our supported ecosystems.…

Are you a student who is new to open source or just starting your maintainer journey? GitHub Global Campus’ Community Exchange can help you make that first contribution or grow your open source project.

Join us on the GitHub All In journey.

Today’s Changelog brings you the release of project webhooks, a first exploration into templates and a host of improvements to GitHub Issues. ☁️🪝 Automate more with project webhooks The first…

GitHub Sponsors is now available in Brazil—an exciting expansion for one of our fastest growing developer communities.

GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.

npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings.

GitHub Sponsors is now available to all developers in India – no more waitlist, you can sign up right away!

It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021!

At GitHub we use GitHub to build our own products, and the new projects experience is no different. Check out how our team uses projects to build powerful project planning for developers.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…

We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.