5 automations every developer should be running
Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
GitHub Actions: Changes to permissions in workflows triggered by Dependabot
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
GitHub Actions: Workflows triggered by Dependabot receive dependabot secrets
From learning YAML to scripting with Bash, here are a few simple tips for developers who want to speed up their workflows.
DRY your Actions configuration with reusable workflows (and more!)
The OpenID Connect (OIDC) support for secure cloud deployments with GitHub Actions is now generally available. You can configure your workflows to request short-lived access tokens that are automatically rotated for…
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
OSS-Fuzz is Google’s awesome fuzzing service for open source projects. GitHub Security Lab’s @kevinbackhouse describes enrolling a project.
The latest release of the CodeQL CLI supports including markdown-rendered query help in SARIF files so that the help text can be viewed in the code scanning UI. This functionality…
A recap of all the GitHub Education news from Universe 2021, including the new Intro to Web Dev Experience.
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account.