Search results for: Security

Code scanning configurations can now be deleted from the code scanning alert page. This could be used to delete stale configurations causing alerts to remain open, or delete old configurations…

In a world where software and hardware is ubiquitous, GitHub can help enable secure development for mission-critical embedded systems.

Today we have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL. CodeQL is the static code analysis…

Join us virtually on March 28-31 for GitHub Galaxy, a global enterprise event focused on improving efficiency, security, and developer productivity.

With updates to GitHub Actions, repositories, and GitHub Advanced Security, this new version of GitHub Enterprise Server is focused on bringing the best developer experience to companies.

Dependency graph no longer ingests go.sum files for Go repositories, and Dependabot no longer alerts on vulnerabilities for dependencies found in go.sum files. Dependencies previously ingested from go.sum files have…

Our community—along with ourselves—took a much needed break over the festive season. Now everyone is back into the full swing of work, and the open source community is showing us…

We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with “All activity” or “Security alerts”…

You can now enable secret scanning alerts on all your personal public repositories from your account’s code security and analysis settings. As before, you can also enable secret scanning alerts…

Explore how using GitHub and HashiCorp together enables enterprises to develop and ship to their customers faster and more secure with consistent workflows and actions.

What’s new? This feature makes it easier to enable Dependabot alerts and check enablement status across all your repositories at an enterprise level, with updates across both enablement UI and…

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Policymakers around the world are developing policies that impact how software gets built and who gets to build it, see the latest now.

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.

The Primary field on two-factor authentication methods has been removed, and replaced with a Preferred option. This new option sets your preferred 2FA method for account login and use of…

GitHub Copilot boosts developer productivity, but using it responsibly still requires good developer and DevSecOps practices.

To ensure the security of our infrastructure, on Tuesday, February 28th, 2023 GitHub Pages sites that contain symbolic links will no longer build outside of GitHub Actions. The majority of…

A look at what happened on January 30, what measures we’re putting in place to prevent surprises, and how we’ll handle future changes.

Learn about CodeQL’s improved user experience and enhancements that let you scan new languages, detect new types of CWEs, and perform deeper analyses of your applications.

Looking back over a year’s worth of developer-first content moderation and, new in this report, making our data more accessible to researchers.