The Open Source Software Security Summit: securing the world’s code together
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.
As part of our ongoing commitment to npm ecosystem security, and in advance of enforcing two-factor authentication for top packages maintainers, the npm team has been hard at work improving…
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!
You can now export your Advanced Security license data to review usage across your business. The CSV data can be downloaded at both enterprise and organization level, and contains: the…
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.
When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.
This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.
We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program: @yvvdwf
GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.
Organizations can now grant teams permission to manage security alerts and settings on all their repositories. The “security manager” role can be applied to any team and grants the team’s…
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client – GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.
GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.
GitHub Enterprise Server 3.2 is available today as a release candidate.
We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here’s what we found.