Our Cybersecurity Tech Accord pledge
We’re pledging to strengthen cybersecurity and collaborate to build a more resilient internet.
As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last…
Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we’ve done in the past, we’re sharing some details and highlights from 2017 and looking ahead…
Today’s software is increasingly interconnected and interdependent. There’s a good chance your project relies on someone else’s, and if your project is public that others might rely on it, too.…
Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in JavaScript and Ruby. Today, for…
Organization owners can now limit the ability to delete repositories. The new repository deletion setting is available for all plans hosted by GitHub and will be coming to GitHub Enterprise…
A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…
What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…
We want to free up your administrator’s time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be…
It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…
Update: 2014-09-29 23:10 UTC We have published an update to the Git Shell tools for GitHub for Windows, which resolves the bash vulnerabilities CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. If you…
On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library…
We just added more granular permissions so third party applications can specifically request read-only access, read/write access, or full admin access to your public SSH keys. You’re in control As…
Our users’ trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of…
We’re always looking at ways to improve security. Today’s release of GitHub for Windows (version 1.0.54) improves password handling security through the use of OAuth tokens. Prior to this release…
We’ve started rolling out a new security feature called “Content Security Policy” or CSP. As a user, it will better protect your account against XSS attacks. But, be aware, it…
At 8:49am Pacific Time this morning a GitHub user exploited a security vulnerability in the public key update form in order to add his public key to the rails organization.…
Explore the GitHub Blog’s top posts covering the biggest software development topics of the year.
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
From Appwrite to Zulip, Universe 2025’s Open Source Zone was stacked with standout projects showing just how far open source can go. Meet the maintainers—and if you want to join them in 2026, you can now apply for next year’s cohort.
Organizations now have more granular control over who can request GitHub Apps and OAuth apps. This enhancement helps you implement stricter governance policies while maintaining flexibility for your security posture.…