
Behind the scenes: GitHub security alerts
Learn more about what’s behind the scenes with GitHub vulnerability alerts.
Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.
GitHub Security Advisories, which launched in beta earlier this year, are now generally available. And we’ve made some exciting changes based on feedback from maintainers. First, we’ve added the ability…
Automated security updates (formerly Dependabot and automated security fixes) are now generally available in all public repositories on GitHub. After a popular debut at Satellite 2019, more than 3.5 million…
On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.
GitHub Security Lab, launched at GitHub Universe 2019, is a new GitHub initiative whose mission is to inspire and enable the community to secure the open source software we all…
GitHub has updated the default security alert email setting to be a single email which details the impact of a new vulnerability across all of your repositories. Previously, for a…
GitHub now supports the WebAuthn standard for authentication. A broad array of security keys can be used across most major browsers (Apple will add support in Fall 2019). The following…
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
Liran Tal, Developer Advocate at Snyk, shared a few key takeaways and advice from their 2019 Open Source Security Report.
Yarn now supports security alerts for public and private repositories.
Through the integration of Dependabot, we’ve released automated security fixes as a public beta. Automated security fixes are pull requests generated by GitHub to fix security vulnerabilities. They automate a…
We’ve released maintainer security advisories as a public beta. Maintainer security advisories allow open source maintainers to privately discuss, fix, and publish notices about security vulnerabilities in repositories. GitHub may…
Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to…
Recently, we introduced the vulnerability-alerts API preview which allows administrators to enable security vulnerability alerts on a per-repository basis. Today, we are releasing a code sample in Node and Bash which demonstrates…
Phone numbers are now partially hidden in the account recovery settings dialog to provide an extra layer of safety and security. Learn more about updating your security settings on GitHub.
The GitHub SecurityAdvisory and SecurityVulnerability APIs are now generally available and no longer require developers to specify the heimdall-preview flag. For more information on these APIs, please visit our documentation: SecurityAdvisory SecurityAdvisoryIdentifier…
We have expanded our security vulnerability alerts to include Java projects using Maven and .NET projects using Nuget. These are in addition to our existing support for JavaScript, Ruby, and…
We have improved how we alert repositories, display multiple alerts and list information on individual alerts to help you get to the security information you need faster and easier. Learn…
Behind GitHub’s security features is a carefully curated database of security vulnerabilities aggregated from across the web. This data is now available to all developers with the Security Advisory API.…
Learn how we use machine learning to power and build on security alerts and make GitHub more secure.