Late last year, we updated Security Advisories to enable you to edit published advisories with new or updated information (like a newly-fixed version or additional impact information). Now, you can…
LGTM Enterprise is a feature of GitHub Advanced Security, and the latest release is now available for download. The 1.23.1 release includes minor feature improvements and fixes non-security bugs. Learn…
You can now edit GitHub Security Advisories after you publish them. This can be helpful if you’ve learned more about the scope or impact of the vulnerability you’re announcing, if…
This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).
This is the second post in our series about Ubuntu’s crash reporting system. We’ll review CVE-2019-7307, a TOCTOU vulnerability that enables a local attacker to include the contents of any file on the system in a crash report.
Learn more about what’s behind the scenes with GitHub vulnerability alerts.
Keep GitHub Enterprise Server secure with our recommendations for security best practices, from password protection to logging and auditing.
GitHub Security Advisories, which launched in beta earlier this year, are now generally available. And we’ve made some exciting changes based on feedback from maintainers. First, we’ve added the ability…
Automated security updates (formerly Dependabot and automated security fixes) are now generally available in all public repositories on GitHub. After a popular debut at Satellite 2019, more than 3.5 million…
On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.
GitHub Security Lab, launched at GitHub Universe 2019, is a new GitHub initiative whose mission is to inspire and enable the community to secure the open source software we all…
GitHub has updated the default security alert email setting to be a single email which details the impact of a new vulnerability across all of your repositories. Previously, for a…
GitHub now supports the WebAuthn standard for authentication. A broad array of security keys can be used across most major browsers (Apple will add support in Fall 2019). The following…
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
Liran Tal, Developer Advocate at Snyk, shared a few key takeaways and advice from their 2019 Open Source Security Report.
Yarn now supports security alerts for public and private repositories.
Through the integration of Dependabot, we’ve released automated security fixes as a public beta. Automated security fixes are pull requests generated by GitHub to fix security vulnerabilities. They automate a…
We’ve released maintainer security advisories as a public beta. Maintainer security advisories allow open source maintainers to privately discuss, fix, and publish notices about security vulnerabilities in repositories. GitHub may…
Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to…
Recently, we introduced the vulnerability-alerts API preview which allows administrators to enable security vulnerability alerts on a per-repository basis. Today, we are releasing a code sample in Node and Bash which demonstrates…
Phone numbers are now partially hidden in the account recovery settings dialog to provide an extra layer of safety and security. Learn more about updating your security settings on GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Last chance: Save $700 on your IRL pass to Universe and join us on Oct. 28-29 in San Francisco.
