On Day Two of GitHub Universe 2019, we announced GitHub Security Lab to bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone.
GitHub Security Lab, launched at GitHub Universe 2019, is a new GitHub initiative whose mission is to inspire and enable the community to secure the open source software we all…
GitHub has updated the default security alert email setting to be a single email which details the impact of a new vulnerability across all of your repositories. Previously, for a…
GitHub now supports the WebAuthn standard for authentication. A broad array of security keys can be used across most major browsers (Apple will add support in Fall 2019). The following…
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
Liran Tal, Developer Advocate at Snyk, shared a few key takeaways and advice from their 2019 Open Source Security Report.
Yarn now supports security alerts for public and private repositories.
Through the integration of Dependabot, we’ve released automated security fixes as a public beta. Automated security fixes are pull requests generated by GitHub to fix security vulnerabilities. They automate a…
We’ve released maintainer security advisories as a public beta. Maintainer security advisories allow open source maintainers to privately discuss, fix, and publish notices about security vulnerabilities in repositories. GitHub may…
Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to…
Recently, we introduced the vulnerability-alerts API preview which allows administrators to enable security vulnerability alerts on a per-repository basis. Today, we are releasing a code sample in Node and Bash which demonstrates…
Phone numbers are now partially hidden in the account recovery settings dialog to provide an extra layer of safety and security. Learn more about updating your security settings on GitHub
The GitHub SecurityAdvisory and SecurityVulnerability APIs are now generally available and no longer require developers to specify the heimdall-preview flag. For more information on these APIs, please visit our documentation: SecurityAdvisory SecurityAdvisoryIdentifier…
We have expanded our security vulnerability alerts to include Java projects using Maven and .NET projects using Nuget. These are in addition to our existing support for JavaScript, Ruby, and…
We have improved how we alert repositories, display multiple alerts and list information on individual alerts to help you get to the security information you need faster and easier. Learn…
Behind GitHub’s security features is a carefully curated database of security vulnerabilities aggregated from across the web. This data is now available to all developers with the Security Advisory API.…
Learn how we use machine learning to power and build on security alerts and make GitHub more secure.
Finding compromised passwords and two-factor recovery checkups
We have redesigned the two-factor authentication profile settings to make it easier to keep your account up to date. You will occasionally be prompted with a reminder to confirm your…
If you use Python, we can now alert you whenever you depend on vulnerable packages.
Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities. To configure the kind or frequency of notifications…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
