Authentication token format updates are generally available
Authentication token format updates are generally available
GitHub Blog Search
Search Results for: Security
Dependabot version updates are now generally available!
Dependabot version updates are now generally available!
Introducing the GitHub Education Stream Team!
We are taking GitHub Campus TV to the next level with the help of emerging developers! How? Students from around the world are coming together to host weekly streams on…
One day short of a full chain: Real world exploit chains explained
When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of…
The Python Package Index is now a GitHub secret scanning integrator
The Python Package Index is now a GitHub secret scanning integrator
GitHub Capture the Flag results
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
How we found and fixed a rare race condition in our session handling
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is…
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
Dependabot ❤️s private dependencies
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…
CodeQL Code Scanning: improvements for users analyzing codebases on 3rd party CI/CD systems
CodeQL Code Scanning: improvements for users analyzing codebases on 3rd party CI/CD systems
How MLOps can drive governance for machine learning: A conversation with Algorithmia
This post features a guest interview with Diego M. Oppenheimer, CEO at Algorithmia Over the past few years, machine learning has grown in adoption within the enterprise. More organizations are…
Measuring enterprise developer productivity
In a recent paper written by Nicole Forsgren and her colleagues, “The SPACE of developer productivity: There’s more to it than you think,” there is an irony that is hard…
Code scanning: support for additional libraries and frameworks improves CodeQL analysis
Code scanning: support for additional libraries and frameworks improves CodeQL analysis
Git clone vulnerability announced
Today, the Git project released new versions to address CVE-2021-21300: a security vulnerability in the delayed checkout mechanism used by Git LFS during git clone operations affecting versions 2.15 and…
Octoverse spotlight: Exploring the people and stories behind GitHub data
In January 2020, the World Health Organization (WHO) declared a state of emergency. Even before the novel coronavirus had an official name, it set off global travel restrictions, widespread closures,…
Your guide to DevOps automation and CI/CD at GitHub InFocus
Last week we kicked off GitHub InFocus, a global virtual series just for software teams. We discussed the importance of developer experience and innersource—and how key collaboration really is. Next…
The little bug that couldn’t: Securing OpenSSL
Software security doesn't end at the boundaries of your own code. The moment a library dependency is introduced, you're adopting other people’s code and any bugs that come with it.…
2020 Transparency Report
At GitHub, we put developers first, and we work hard to provide a safe, open, and inclusive platform for code collaboration. This means we are committed to minimizing the disruption…