Users with access to secret scanning alerts can now view metadata for any active GitHub token leaked in their repositories. Metadata includes details like the token’s owner, expiration date, and…
Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.
Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily.…
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.
With enterprise accounts for all, your organization can take advantage of all that GitHub Enterprise has to offer, from GitHub Actions and GitHub Advanced Security, to Copilot.
Many of us are aware of the benefits that a strong focus on automation can bring, particularly in our development workflow and DevOps lifecycle. But silos across businesses can lead to duplication of effort, and potential to lose out on best practices. In this post, we’ll explore how CI/CD can be shared across your entire organization alongside policies, for a well-governed experience with GitHub Actions.
A high-quality audit log is an essential tool for enterprises to ensure compliance, maintain security, investigate issues, and promote accountability.
GitHub Enterprise Cloud customers can now join a public beta for streaming API request events as part of their enterprise audit log. As part of this beta, REST API calls…
You can now filter by repository topic or team on the organization-level Dependabot, code scanning, and secret scanning pages in security overview. These improvements have shipped to GitHub.com and will…
GitHub Advanced Security users can now view alert metrics for custom patterns at the repository, organization, and enterprise levels directly from the custom pattern’s page. Custom patterns with push protection…
Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries.
These changes will improve the experience for custom query authors and enable better precision in some of our standard queries. Learn how to enable them for your custom queries.
The dependency graph shows a summary of the manifest and lock files stored in a repository. The repository view has an updated user experience that includes: Search by package name…
A software bill of materials (SBOM) is a standardized inventory of a software project’s dependencies and associated metadata (versions, licenses, etc). You can now export your repository’s dependency graph as…
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
Learn how GitHub’s one, integrated platform–powered by AI and secure at every step—helps developer teams be more productive, collaborative, and efficient.
The new code scanning tool status page allows users to view the status of CodeQL and other code scanning tools. The page shows all the tools that are enabled on…
The repository dependency graph GraphQL API preview now returns dependencies that have been submitted using the dependency submission API. Learn more about the dependency graph Learn more about the dependency…
In addition to Ubuntu & Windows, GitHub Actions now attaches a SBOM (Software Bill of Materials) to hosted runner image releases for macOS. In the context of GitHub Actions hosted…
At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.
GitHub Security was notified about an issue where private issue and pull request titles would be displayed in search results. Our Security team investigated potential instances and determined that this…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
