Security vulnerability alerts for Python
If you use Python, we can now alert you whenever you depend on vulnerable packages.
Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities. To configure the kind or frequency of notifications…
We’re pledging to strengthen cybersecurity and collaborate to build a more resilient internet.
As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last…
Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we’ve done in the past, we’re sharing some details and highlights from 2017 and looking ahead…
Today’s software is increasingly interconnected and interdependent. There’s a good chance your project relies on someone else’s, and if your project is public that others might rely on it, too.…
Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in JavaScript and Ruby. Today, for…
Organization owners can now limit the ability to delete repositories. The new repository deletion setting is available for all plans hosted by GitHub and will be coming to GitHub Enterprise…
A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…
What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…
We want to free up your administrator’s time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be…
It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…
Update: 2014-09-29 23:10 UTC We have published an update to the Git Shell tools for GitHub for Windows, which resolves the bash vulnerabilities CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. If you…
On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library…
We just added more granular permissions so third party applications can specifically request read-only access, read/write access, or full admin access to your public SSH keys. You’re in control As…
Our users’ trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of…
We’re always looking at ways to improve security. Today’s release of GitHub for Windows (version 1.0.54) improves password handling security through the use of OAuth tokens. Prior to this release…
We’ve started rolling out a new security feature called “Content Security Policy” or CSP. As a user, it will better protect your account against XSS attacks. But, be aware, it…
At 8:49am Pacific Time this morning a GitHub user exploited a security vulnerability in the public key update form in order to add his public key to the rails organization.…
To help you understand the activity generated by Copilot code review users, the Copilot usage metrics API now breaks down Copilot code review suggestions by comment type. A new copilot_suggestions_by_comment_type…
Youth safety requirements are moving down the tech stack to operating systems and app stores—raising new questions for open source developers.