Search results for: Security

A Security.md file in the root of a repository will now be highlighted on the repository overview in the sidebar. For more information, see “Adding a security policy to your…

A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.

Removing the security vulnerability banner The yellow banner stating “We found potential security vulnerabilities in your dependencies” is being removed. Please use the “Security” alert count in your repository navigation…

As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.

The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.

Dependabot has added support for updating dependencies in Yarn v2 and Yarn v3 manifests (package.json, and yarn.lock files). This is in addition to the existing support for Yarn v1. There…

Upgrade your local installation of Git, especially when cloning with –recurse-submodules from untrusted repositories, or if you use git shell interactive mode.

Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.

Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started.

Enterprise owners can now configure whether repository administrators can enable or disable Dependabot alerts. If you are owner of an enterprise with GitHub Advanced Security, you can now also set…

Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.

Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.

When resolving security alerts for vulnerable transitive npm dependencies, it is possible that updating a direct dependency will remove the vulnerable transitive dependency from the tree. Dependabot can now resolve…

On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.

At the organization level, you can now view (GET) and update (PATCH) enablement status as well as configure the setting to automatically enable new repositories for the following GitHub security…

Register now to attend GitHub Universe virtually or in-person at the Yerba Buena Center for the Arts in San Francisco on November 9-10.

Users with 2FA enabled may see false-alert flags in their security log for recovery_code_regenerated events between July 15 and August 11, 2022. These events were improperly emitted during an upgrade…

We’ve expanded access to GitHub’s security overview pages in two ways: All GitHub Enterprise accounts now have access to the security overview, not just those with GitHub Advanced Security All…

Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.

Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.

Organizations participating in the security manager role public beta may now manage security manager teams via the GitHub REST API. In addition, legacy organizations can now participate in the public…