Validate all the things: improve your security with input validation!
If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.
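To make C5 concrete, here is an added example of allow-list ("positive") input validation for a JSON request; it is illustrative code written for this page, not code from the GitHub post or from OWASP. The endpoint, field names, length limits, role names and sample payloads are all assumptions chosen for the demonstration. It validates syntax first (shape, type, length, character set, after Unicode normalization) and then semantics (the role must be one of a fixed set, the birth year must be plausible), and it rejects unexpected fields rather than silently ignoring them.

```python
"""Added example, not code from the page: allow-list input validation in the
spirit of OWASP Proactive Control C5 (Validate All Inputs).

Assumptions (mine, not the page's): a JSON "create user" request carrying the
four fields below. Field names, limits, role names and the sample payloads are
constructed for illustration only.
"""
import re
import unicodedata
from datetime import date
from typing import Optional

# Allow-list rules describe what a VALID value looks like, never what a bad one looks like.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")                      # lowercase, 3-32 chars
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}$")  # deliberately simple
ALLOWED_ROLES = frozenset({"viewer", "editor"})                           # "admin" is never client-assignable
EXPECTED_FIELDS = frozenset({"username", "email", "role", "birth_year"})


class ValidationError(ValueError):
    """Carries the offending field; the message is generic enough to return to the client."""


def _normalize_text(field: str, value: object, max_len: int) -> str:
    # Type check first: a list or dict where a string is expected is a structural error.
    if not isinstance(value, str):
        raise ValidationError(f"{field}: expected a string")
    # Canonicalize BEFORE validating so lookalike encodings cannot slip past the regex.
    value = unicodedata.normalize("NFC", value).strip()
    if len(value) > max_len:
        raise ValidationError(f"{field}: longer than {max_len} characters")
    # Reject control/format characters outright (log injection, header injection).
    if any(unicodedata.category(ch).startswith("C") for ch in value):
        raise ValidationError(f"{field}: contains control characters")
    return value


def validate_create_user(payload: object, today: Optional[date] = None) -> dict:
    """Syntactic validation (shape, type, length, character set) followed by
    semantic validation (role membership, plausible birth year).
    Returns a NEW dict holding only the validated, normalized fields."""
    today = today or date.today()
    if not isinstance(payload, dict):
        raise ValidationError("payload: expected a JSON object")

    # Unknown fields are rejected, not ignored: a smuggled "is_admin": true is
    # caught here instead of being mass-assigned by the persistence layer.
    unknown = set(payload) - EXPECTED_FIELDS
    if unknown:
        raise ValidationError(f"unexpected field(s): {', '.join(sorted(unknown))}")
    missing = EXPECTED_FIELDS - set(payload)
    if missing:
        raise ValidationError(f"missing field(s): {', '.join(sorted(missing))}")

    username = _normalize_text("username", payload["username"], 32)
    if not USERNAME_RE.fullmatch(username):
        raise ValidationError("username: 3-32 lowercase letters, digits or underscores, starting with a letter")

    email = _normalize_text("email", payload["email"], 254)
    if not EMAIL_RE.fullmatch(email):
        raise ValidationError("email: not a valid address")

    role = _normalize_text("role", payload["role"], 16)
    if role not in ALLOWED_ROLES:  # semantic check against a fixed allow-list of values
        raise ValidationError("role: not an assignable role")

    birth_year = payload["birth_year"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(birth_year, bool) or not isinstance(birth_year, int):
        raise ValidationError("birth_year: expected an integer")
    if not (today.year - 120 <= birth_year <= today.year - 13):
        raise ValidationError("birth_year: out of range")

    return {"username": username, "email": email, "role": role, "birth_year": birth_year}


def is_valid(payload: object) -> bool:
    """Boolean wrapper with a fixed reference date so results are reproducible."""
    try:
        validate_create_user(payload, today=date(2022, 1, 1))
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    # Constructed sample payloads: one good request and several hostile variants.
    good = {"username": "alice_01", "email": "alice@example.com", "role": "editor", "birth_year": 1990}
    print(validate_create_user(good, today=date(2022, 1, 1)))
    for bad in (
        {**good, "is_admin": True},               # unexpected field (mass assignment)
        {**good, "role": "admin"},                # value not on the allow-list
        {**good, "username": "Robert'; DROP--"},  # fails the positive pattern
        {**good, "birth_year": True},             # wrong type
    ):
        try:
            validate_create_user(bad, today=date(2022, 1, 1))
        except ValidationError as e:
            print("rejected:", e)
```

Two practitioner notes: the function returns a fresh dict built only from validated fields, so downstream code cannot accidentally read the raw payload; and validation is a filter, not a substitute for context-specific defenses, so the validated username still goes into a parameterized query and is still output-encoded when rendered.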
GitHub Advanced Security customers can now scan their public repositories using Advanced Security secret scanning. Like scanning on private repositories, scanning on public repositories can be enabled at the repository,…
GitHub Advanced Security customers can now view an overview of security alerts at the enterprise level. The new “Security” tab at the enterprise level provides a repo-centric view of application…
GitHub code scanning helps open source maintainers and organizations find potential vulnerabilities in their code, before these can make their way into deployments. CodeQL, our very own analysis engine, powers…
GitHub Actions workflows in the Security category will now appear among the workflow recommendations based on a repository’s content.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.
As part of our ongoing commitment to npm ecosystem security, and in advance of enforcing two-factor authentication for top packages maintainers, the npm team has been hard at work improving…
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
We’re sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!
You can now export your Advanced Security license data to review usage across your business. The CSV data can be downloaded at both enterprise and organization level, and contains: the…
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.
When you’re fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.