Search results for: Security

If you use Gradle Version Catalogs to centralize managing dependencies for a Gradle project, you will now be able to use Dependabot version updates to keep these dependencies up-to-date! You…

If you use versioned reusable workflows in GitHub Actions, you can now use Dependabot version updates to keep those workflows up-to-date in your repositories! This is useful for anyone using…

We are open sourcing our own OSPO policies, tools, and guides to help other OSPOs get started.

We are preparing to bring powerful new code search capabilities to GitHub. As part of that effort, on April 10, 2023, we will make several changes to the code search…

Developers are at the heart of our online world and at the forefront of creating solutions for global challenges, working to make the software that underpins our digital infrastructure more secure, reliable, and safe.

Dependency graph and Dependabot now parse and update package-lock.json files set with lockfileVersion: 3, which is used by npm v9. Users will receive Dependabot alerts for dependencies with known vulnerabilities.…

Code scanning configurations can now be deleted from the code scanning alert page. This could be used to delete stale configurations causing alerts to remain open, or delete old configurations…

In a world where software and hardware is ubiquitous, GitHub can help enable secure development for mission-critical embedded systems.

Today we have released multi-repository variant analysis for CodeQL in public beta to help the OSS security community power up their research with CodeQL. CodeQL is the static code analysis…

Join us virtually on March 28-31 for GitHub Galaxy, a global enterprise event focused on improving efficiency, security, and developer productivity.

With updates to GitHub Actions, repositories, and GitHub Advanced Security, this new version of GitHub Enterprise Server is focused on bringing the best developer experience to companies.

Dependency graph no longer ingests go.sum files for Go repositories, and Dependabot no longer alerts on vulnerabilities for dependencies found in go.sum files. Dependencies previously ingested from go.sum files have…

Our community—along with ourselves—took a much needed break over the festive season. Now everyone is back into the full swing of work, and the open source community is showing us…

We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with “All activity” or “Security alerts”…

You can now enable secret scanning alerts on all your personal public repositories from your account’s code security and analysis settings. As before, you can also enable secret scanning alerts…

Explore how using GitHub and HashiCorp together enables enterprises to develop and ship to their customers faster and more secure with consistent workflows and actions.

What’s new? This feature makes it easier to enable Dependabot alerts and check enablement status across all your repositories at an enterprise level, with updates across both enablement UI and…

Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Policymakers around the world are developing policies that impact how software gets built and who gets to build it, see the latest now.

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.