Search results for: Security

Suppressed notifications for Dependabot alerts at enablement time At first time enablement, Dependabot will no longer send web or email notifications that summarize when a repository is populated with Dependabot…

Sometimes, due to misconfiguration or incompatible versions, Dependabot jobs for a repository will fail and Dependabot will continue to run and continue to fail. Now, after 30 failed runs, Dependabot…

You can now easily find all alerts associated with a specific language with the new language filter on the code scanning alerts page. To show all the code scanning alerts…

Starting today, you will now receive Dependabot alerts for vulnerabilities associated with your Swift dependencies. The GitHub Advisory Database now includes curated Swift advisories. This brings the Advisory Database to…

For securely enabling OpenID Connect (OIDC) in your reusable workflows, we are now making the permissions more restrictive. If you need to fetch an OIDC token generated within a reusable…

Code scanning now has the option to enable default setup for a subset of languages in a repository. This lets you customize the configuration to suit your repository’s needs, for…

Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.

We surveyed 500 U.S.-based developers at companies with 1,000-plus employees about how managers should consider developer productivity, collaboration, and AI coding tools.

GitHub’s VIP Bug Bounty Program has been updated to include a clear and accessible criteria for receiving an invitation to the program and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!

If you manage your node.js dependencies with the pnpm package manager, you can now use Dependabot to keep those dependencies updated with automatic pull requests. You can easily configure this…

With GitHub Enterprise Importer, you can seamlessly move to GitHub Enterprise Cloud, bringing your code and collaboration history with you so your team doesn’t miss a beat.

GitHub Codespaces plans to begin rolling out improved access controls for organizations on June 27th, 2023. These changes will provide organizations additional control over which of their organization’s members or…

The option to use SMS on the sudo page on GitHub.com has been removed. Users can still use other 2FA methods as well as their password to pass the sudo…

Maintainer Month is a time for open source maintainers to gather, share, and be celebrated. Over 31 days, 16 organizations came together to offer 42 activities convening and celebrating maintainers.

Explore how investing in a better developer experience frees developers to do what matters most: building great software.

A tool to help you keep your open source catalog organized and up to date.

You can now create single-use self-hosted runners without time-limited registration tokens using the REST API. When a runner registers using this API it will only be allowed to run a…

Today, we’re extending CodeQL code scanning support to Swift! Developers working on Swift libraries and apps on Apple platforms can now benefit from our best-in-class code security analysis. We currently…

GitHub Enterprise Cloud administrators can now download and view the updated Services Continuity and Incident Plan for 2023. To learn more, please review our documentation on how to access compliance…

In this blog, I’ll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I’ll also explain how root cause analysis of CVE-2022-36449 led to the discovery of CVE-2022-46395.

GitHub secret scanning protects users by searching repositories for known types of tokens. By identifying and flagging these tokens, our scans help prevent data leaks and fraud. We have partnered…