Search results for: Search

Take a look at some of the new features in the latest Git release.

#NewYearNewPack winner Frank Matranga shares how the Pack helped him bring his open-source student planner to life.

Learn more about how we found ways to scale our vulnerability hunting efforts and empower others to do the same. In this post, we’ll take a deep-dive in the remediation of a security vulnerability with CERT.

GitHub Education introduces two new features to help you shape the next generation of software developers, with the GitHub Teacher Toolbox and more automation for GitHub Classroom.

Learn about the top five reasons why leading enterprise organizations are investing in open source.

We’re excited to share GitHub’s 2019 Transparency Report, a by-the-numbers look at how we handle requests for user data and moderate content on GitHub.

In this deep dive, we cover how our daily schema migrations amounted to a significant toil on the database infrastructure team, and how we searched for a solution to automate the manual parts of the process.

Share your love for open source and learn how to get involved for a chance to win a GitHub hoodie.

This is the fourth and final post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-11484, a vulnerability in whoopsie which enables a local attacker to get a shell as the whoopsie user, thereby gaining the ability to read any crash report.

This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).

This is the second post in our series about Ubuntu’s crash reporting system. We’ll review CVE-2019-7307, a TOCTOU vulnerability that enables a local attacker to include the contents of any file on the system in a crash report.

This post summarizes several security vulnerabilities in Ubuntu’s crash reporting system: CVE-2019-7307, CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790. When chained together, they allow an unprivileged user to read arbitrary files on the system.

IP allow lists gives you the ability to limit access to enterprise assets to an allowed set of source IPs, and it’s now available in public beta for GitHub Enterprise Cloud customers.

Learn more about what’s behind the scenes with GitHub vulnerability alerts.

We’re sharing the #myfirstrepo contest winners along with how you can easily find your first repository.

Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.

When searching for Azure AD groups to synchronize with GitHub teams, you can now match groups by entering the group email address. Learn more about team synchronization

In this deep-dive, we identified and worked through sporadic latency issues with services running on Kubernetes in our environment.

On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.

The GitHub Advisory Database is a new experience that allows you to browse or search for the vulnerabilities that GitHub knows about. The database contains all curated CVEs and security…

It’s our favorite time of year: GitHub Universe. And we’ve made some exciting announcements. GitHub Actions and Packages are now out of beta, we launched GitHub for mobile, redesigned the notifications experience, and introduced lots of other features we think you’ll love.