Search results for: Security

Upgrade your local installation of Git, especially if you are using Git for Windows, or you use Git on a multi-user machine.

Security Overview at the organization level is now out of beta and generally available. GitHub Advanced Security customers can use Security Overview to view a repo-centric view of application security…

Organizations with GitHub Advanced Security can now proactively protect against secret leaks with secret scanning’s new push protection feature.

If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.

GitHub Advanced Security customers can now scan their public repositories using Advanced Security secret scanning. Like scanning on private repositories, scanning on public repositories can be enabled at the repository,…

GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new “Security” tab at the enterprise level provides a repo-centric view of application…

GitHub code scanning helps open source maintainers and organizations find potential vulnerabilities in their code, before these can make their way into deployments. CodeQL, our very own analysis engine, powers…

GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository’s content.

A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.

Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.

We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.

My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.

As part of our ongoing commitment to npm ecosystem security, and in advance of enforcing two-factor authentication for top packages maintainers, the npm team has been hard at work improving…

The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.

In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.

Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.

Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.

Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.

The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.

We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.

During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!