
Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
GitHub continues to improve account security and developer experience with a new 2FA mechanism in GitHub Mobile on iOS and Android.
When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration.
GitHub Advanced Security customers can now retrieve private repository secret scanning results at the enterprise level via the GitHub REST API. This new endpoint supplements the existing repository-level and organization-level…
GitHub Advanced Security customers can now view all their code scanning alerts in the organization security tab. This view is available to organization owners and members of teams with the…
While renewing GitHub Actions SSL certificates, an unexpected change in the intermediate certificate authority broke workflows using OpenID Connect (OIDC) based deployment to AWS. To fix the issue please…
As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
In this third and last part, I’ll share the results of my research on Apache HTTP server, and I’ll show some of the vulnerabilities that I’ve found.
Up until today, the GitHub Advisory Database has only published advisories that have been curated and approved by our Security Lab team. This approach meant users sometimes couldn’t find advisories…
Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
Starting 12-09-2021, GitHub Actions workflows triggered by Dependabot for the create, deployment, and deployment_status events will always receive a read-only token and no secrets.
GitHub Enterprise Server is now generally available for all customers. This release improves performance for CI/CD and for customers with large repositories.
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans may prevent data leaks and any fraud associated with…
GitHub Advanced Security customers can now use the GitHub REST API to retrieve commit details of secrets detected in private repository scans. Now available on cloud, the new endpoint will…
GitHub Actions workflows triggered by Dependabot will now be sent the Dependabot secrets. This change will enable you to pull from private package registries in your CI using the same…