Search results for: Search

GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of…

As part of our ongoing commitment to ensure GitHub’s conferences are accessible and inclusive to people from all walks of life, we’re offering 30-minute, 1:1 micro-mentoring sessions with GitHub employees.

GitHub Secret Scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and fraudulent uses of secrets that…

Giving back to open source projects is a great way to practice skills you don’t get to use in your day job. Check out ways to get involved!

Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.

Since our last update, we’ve continued to improve the GitHub Issues beta to expand the capabilities of both project tables and boards. Here are some of the recent ships: 🤖…

Announcing new settings to help teams manage code review assignments. Also improved pull request filtering that lets you see just the pull requests you have been directly requested to review.…

This post is a technical analysis of a recently disclosed Chrome JIT vulnerability (CVE-2021-30632) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 13, 2021 in Chrome version 93.0.4577.82. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

During an audit of Apache Dubbo v2.7.8 source code, I found multiple vulnerabilities enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers. In this blog post I detailed how I leveraged CodeQL as an audit oracle to help me find these issues.

GitHub Advanced Security customers can now edit their custom patterns defined at the repository, organization, and enterprise levels. After a user edits and saves a pattern, secret scanning searches for…

What did we ship in August? Codespaces, Discussions, and lots of other updates, from the general availability of the dark high contrast theme to an auto-generated table of contents for wikis.

Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.

Calling all students! Get the most out of your GitHub Education experience by joining the GitHub student community on our new digital campus.

The GitHub Social Impact and Policy teams are issuing a Request for Proposal (RFP) for a researcher to define a list of publicly available GitHub platform usage metrics by country for international development, public policy and economics disciplines.

Linux is celebrating its 30-year anniversary, so I’m taking the opportunity to highlight 30 of my favorite free and open source Linux games, their communities, and their stories.   I…

Linux is celebrating its 30-year anniversary today, so I’m taking the opportunity to highlight 30 of my favorite free and open source Linux games, their communities, and their stories! If…

We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.

We’re excited to support researchers and academics on GitHub with enhanced citation support through `CITATION.cff` files.

The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.

A public beta for CodeQL package manager, additional options to manage Actions runs from first-time contributors, GitHub Discussions translation, and more.