Incremental improvements on security advisory form
We’ve recently released a few minor user experience improvements for our GitHub Security Advisory form: You’re no longer required to fill out as many fields in the form before submitting…
Dependabot security updates now support the Pub ecosystem, making it easier for you to fix vulnerable dependencies in your Dart or Flutter apps. With security updates enabled, Dependabot will automatically…
Dependabot security updates now support the GitHub Actions ecosystem, making it easier for you to fix vulnerable GitHub Actions dependencies. With security updates enabled, Dependabot will automatically raise a pull…
You can now enable and disable the following GitHub security features for a single repository from the organization-level security coverage view: Dependency graph Dependabot alerts Dependabot security updates If you…
Security overview’s new risk and coverage views provide greater visibility into your security posture and risk analysis. Each new view offers a refreshed design with several key improvements, including insights…
We think a lot about the possibility of a high-profile supply chain attack that causes developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem.
A Security.md file in the root of a repository will now be highlighted on the repository overview in the sidebar. For more information, see “Adding a security policy to your…
A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.
Removing the security vulnerability banner: The yellow banner stating “We found potential security vulnerabilities in your dependencies” is being removed. Please use the “Security” alert count in your repository navigation…
As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.
Dependabot has added support for updating dependencies in Yarn v2 and Yarn v3 manifests (package.json and yarn.lock files). This is in addition to the existing support for Yarn v1. There…
Upgrade your local installation of Git, especially if you clone with --recurse-submodules from untrusted repositories, or if you use git-shell interactive mode.
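A fleet-check helper for the advice above, added here as an example and not part of the GitHub advisory. It compares the installed Git version against a minimum you supply (the advisory post, not this teaser, states the fixed versions, so the minimum is a parameter and is not assumed here) and flags the two configurations the teaser singles out: submodule recursion turned on globally via `submodule.recurse`, and `git-shell` in use as a login shell. The `version_ge`/`git_version_ok`/`check_installed_git` names are this example's own.

```shell
#!/bin/sh
# Added example: version comparison and risk flags for a local Git install.
# Nothing here comes from the advisory text; the minimum version is an input.

# version_ge A B -> exit 0 if dotted version A is >= B, comparing component by
# component as integers. Non-numeric tails ("1.windows.2", "rc1") count as 0.
version_ge() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        # Both sides exhausted with no difference found: equal.
        [ -z "$x" ] && [ -z "$y" ] && return 0
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# git_version_ok "<output of git --version>" MIN -> exit 0 if version >= MIN.
# `git --version` prints "git version X.Y.Z[...]"; the third word is the version.
git_version_ok() {
    v=$(printf '%s' "$1" | awk '{print $3}')
    version_ge "$v" "$2"
}

# check_installed_git MIN -> prints findings for the Git on PATH; exit 1 on any.
check_installed_git() {
    min="${1:?usage: check_installed_git MINIMUM_VERSION}"
    rc=0
    out=$(git --version 2>/dev/null) || { echo "git not found on PATH"; return 1; }
    if git_version_ok "$out" "$min"; then
        echo "ok: $out (>= $min)"
    else
        echo "UPGRADE: $out is older than $min"; rc=1
    fi
    # submodule.recurse=true makes every clone/fetch recurse, so cloning an
    # untrusted repository behaves like --recurse-submodules without asking.
    if [ "$(git config --get submodule.recurse 2>/dev/null)" = "true" ]; then
        echo "WARN: submodule.recurse=true; untrusted clones will recurse"; rc=1
    fi
    # git-shell as a login shell means the interactive-mode code path is reachable.
    if grep -qs 'git-shell$' /etc/passwd; then
        echo "WARN: git-shell is a login shell for at least one account"; rc=1
    fi
    return "$rc"
}

# Run the live check only when a minimum version is passed on the command line.
[ $# -gt 0 ] && check_installed_git "$1"
```

Run it as `sh check-git.sh 2.38.1` (substitute the fixed version from the advisory); a non-zero exit means at least one finding, which makes it usable from a configuration-management or CI job.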
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.
Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started.
Enterprise owners can now configure whether repository administrators can enable or disable Dependabot alerts. If you are the owner of an enterprise with GitHub Advanced Security, you can now also set…
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.
When resolving security alerts for vulnerable transitive npm dependencies, it is possible that updating a direct dependency will remove the vulnerable transitive dependency from the tree. Dependabot can now resolve…
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.
At the organization level, you can now view (GET) and update (PATCH) enablement status as well as configure the setting to automatically enable new repositories for the following GitHub security…
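A small wrapper for the org-level GET/PATCH described above, added here as an example and not taken from the GitHub changelog. It assumes the GitHub CLI (`gh`) is authenticated with a token that administers the organization, and that the "automatically enable for new repositories" settings are the `*_enabled_for_new_repositories` fields returned and accepted by `GET`/`PATCH /orgs/{org}`; the feature list here is restricted to the three the changelog names (dependency graph, Dependabot alerts, Dependabot security updates). The function names and the `GH` variable are this example's own.

```shell
#!/bin/sh
# Added example: read and update org-wide "enable for new repositories" flags
# through the GitHub CLI. Field names are an assumption about the org API.
GH=${GH:-gh}   # overridable so the calls can be stubbed in tests or dry runs

# show_new_repo_defaults ORG -> JSON with the three auto-enable flags.
show_new_repo_defaults() {
    "$GH" api "/orgs/$1" --jq '{
        dependency_graph: .dependency_graph_enabled_for_new_repositories,
        dependabot_alerts: .dependabot_alerts_enabled_for_new_repositories,
        dependabot_security_updates: .dependabot_security_updates_enabled_for_new_repositories
    }'
}

# set_new_repo_default ORG FEATURE true|false -> PATCH one flag.
# FEATURE is one of: dependency_graph, dependabot_alerts, dependabot_security_updates.
# Inputs are validated before anything is sent, so a typo cannot silently PATCH
# an unrelated organization field.
set_new_repo_default() {
    org="$1"; feature="$2"; value="$3"
    case "$feature" in
        dependency_graph|dependabot_alerts|dependabot_security_updates) ;;
        *) echo "unknown feature: $feature" >&2; return 2 ;;
    esac
    case "$value" in
        true|false) ;;
        *) echo "value must be true or false, got: $value" >&2; return 2 ;;
    esac
    # -F (not -f) so gh sends a JSON boolean rather than the string "true".
    "$GH" api -X PATCH "/orgs/$org" -F "${feature}_enabled_for_new_repositories=$value"
}
```

Usage: `show_new_repo_defaults my-org` to audit, then `set_new_repo_default my-org dependabot_alerts true` to change one flag. Point `GH` at a stub (as the checks below do) to see exactly what would be sent before running it against a real organization.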