Improving Git protocol security on GitHub Enterprise Server
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.
GitHub Advanced Security customers can now opt to receive a webhook event that triggers when any feature in “Code security and analysis” is enabled or disabled. The new security_and_analysis webhook…
The Rust community can now discover, report, and prevent security vulnerabilities.
Learn how you can securely manage users with the latest ships for GitHub Enterprise.
npm’s impact analysis of the attack campaign using stolen OAuth tokens and additional findings.
It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021!
We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.
Security Overview at the organization level is now out of beta and generally available. GitHub Advanced Security customers can use Security Overview to view a repo-centric view of application security…
Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature.
If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.
GitHub Advanced Security customers can now scan their public repositories using Advanced Security secret scanning. Like scanning on private repositories, scanning on public repositories can be enabled at the repository,…
GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new “Security” tab at the enterprise level provides a repo-centric view of application…
GitHub code scanning helps open source maintainers and organizations find potential vulnerabilities in their code, before these can make their way into deployments. CodeQL, our very own analysis engine, powers…
GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository’s content.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.