Search results for: Search

GitHub Artifact Exporter provides a CLI and a simple GUI for exporting GitHub Issues and related comments based on a date range, and it supports GitHub’s full search syntax.

GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…

April 30, 2021 update: Thank you to everyone who’s weighed in on the discussion so far. I’ve commented in the pull request to clarify a few points based on initial…

At GitHub, we serve some of the largest Git repositories on the planet. We also serve some of the fastest-growing repositories. Each day, the largest repositories we host become even…

Pull request and review-related events are now included in the audit log at both the enterprise and organization levels. This helps administrators better monitor pull request activity and ensure security…

gh brings GitHub to the command line by helping developers manage pull requests, issues, gists, and much more. As of 1.9.0, even more of GitHub is available in your terminal:…

The modern internet was built on a legal framework of safe harbors for user-generated content. These safe harbors are widely credited with having enabled global internet innovation by protecting online…

In March, we experienced three incidents resulting in significant impact and degraded state of availability for issues, pull requests, webhooks, API requests, GitHub Pages, and GitHub Actions services. Follow up…

In this second installment, I will focus on how to build our own custom ASAN interceptors in order to catch memory bugs when custom memory pools are implemented and also on how to intercept file system syscalls to detect logic errors in the target application.

Rendering logs in a web UI might seem simple: they are just lines of plain text. However, there are a lot of additional features that make them more useful to…

When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of…

In this last post of the series, I’ll exploit a use-after-free in the Chrome renderer (CVE-2020-15972), a bug that I reported in September 2020 but turned out to be a duplicate, to gain remote code execution in the sandboxed renderer process in Chrome.

Imagine you’re in an organization with over 2,000 repositories across several different product lines. It can be daunting task to find the right project.

Security researchers provide a critical service to developers by identifying vulnerable software, but unfortunately, many developers don’t know the people behind this work. GitHub Security Advisories allow developers to provide…

Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…

This article originally appeared in The New Stack, and is republished here with permission. Digital sovereignty has become a rallying cry across the globe. In 2021, open innovation will, counterintuitively,…

In this series of posts, I’ll go through the exploit of three security bugs that I reported, which, when used together, can achieve remote kernel code execution in Qualcomm’s devices by visiting a malicious website in a beta version of Chrome. In this first post, I’ll exploit a use-after-free in Qualcomm’s kgsl driver (CVE-2020-11239), a bug that I reported in July 2020 and that was fixed in January 2021, to gain arbitrary kernel code execution from the application domain.

Every day, GitHub serves the needs of over 56M developers, working on over 200M code repositories. All but a tiny fraction of those repositories are served with amazing performance, for…

In this second post of the series, I’ll exploit a use-after-free in the Payment component of Chrome (1125614/GHSL-2020-165), a bug that I reported in September 2020 that only affected version 86 of Chrome, which was in beta. I’ll use it to escape the Chrome sandbox to gain privilege of a third party App on Android from a compromised renderer.

It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for…

This post features a guest interview with Diego M. Oppenheimer, CEO at Algorithmia Over the past few years, machine learning has grown in adoption within the enterprise. More organizations are…