GitHub Blog Search
Search Results for: Security
Environmental sustainability at GitHub
At GitHub, we believe in the extraordinary potential and power of a diverse, collaborative developer community to accelerate human progress. Just look at the first-ever powered flight on another planet…
New and simplified Enterprise and Partner Terms
Can agreement terms be a great user experience? This was the challenge GitHub’s legal department set for itself last year. We’re excited to announce all-new GitHub Customer Terms for our…
GitHub Actions: Control permissions for GITHUB_TOKEN
Sunsetting API Authentication via Query Parameters, and the OAuth Applications API
Upgrade your GitHub app in your Slack workspace
The GitHub app is built on Slack's workspace apps which is now deprecated. The legacy GitHub app will stop working on July 15, 2021. We have built a new version…
Behind GitHub’s new authentication token formats
We're excited to share a deep dive into how our new authentication token formats are built and how these improvements are keeping your tokens more secure. As we continue to…
Secret scanning for private repositories is generally available!
Authentication token format updates are generally available
Dependabot version updates are now generally available!
Introducing the GitHub Education Stream Team!
We are taking GitHub Campus TV to the next level with the help of emerging developers! How? Students from around the world are coming together to host weekly streams on…
One day short of a full chain: Real world exploit chains explained
When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of…
The Python Package Index is now a GitHub secret scanning integrator
GitHub Capture the Flag results
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
How we found and fixed a rare race condition in our session handling
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
Dependabot ❤️s private dependencies
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…