Search results for: Security

The GitHub SecurityAdvisory and SecurityVulnerability APIs are now generally available and no longer require developers to specify the heimdall-preview flag. For more information on these APIs, please visit our documentation: SecurityAdvisory SecurityAdvisoryIdentifier…

We have expanded our security vulnerability alerts to include Java projects using Maven and .NET projects using Nuget. These are in addition to our existing support for JavaScript, Ruby, and…

We have improved how we alert repositories, display multiple alerts and list information on individual alerts to help you get to the security information you need faster and easier. Learn…

Behind GitHub’s security features is a carefully curated database of security vulnerabilities aggregated from across the web. This data is now available to all developers with the Security Advisory API.…

Learn how we use machine learning to power and build on security alerts and make GitHub more secure.

Finding compromised passwords and two-factor recovery checkups

We have redesigned the two-factor authentication profile settings to make it easier to keep your account up to date. You will occasionally be prompted with a reminder to confirm your…

If you use Python, we can now alert you whenever you depend on vulnerable packages.

Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities. To configure the kind or frequency of notifications…

We’re pledging to strengthen cybersecurity and collaborate to build a more resilient internet.

As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last…

Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we’ve done in the past, we’re sharing some details and highlights from 2017 and looking ahead…

Today’s software is increasingly interconnected and interdependent. There’s a good chance your project relies on someone else’s, and if your project is public that others might rely on it, too.…

Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in Javascript and Ruby. Today, for…

Organization owners can now limit the ability to delete repositories. The new repository deletion setting is available for all plans hosted by GitHub and will be coming to GitHub Enterprise…

A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…

What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…

We want to free up your administrator’s time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be…

It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…

Update: 2014-09-29 23:10 UTC We have published an update to the Git Shell tools for GitHub for Windows, which resolves the bash vulnerabilities CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. If you…

On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library…