Let’s talk about securing open source projects
In celebrating GitHub Security Lab’s one-year anniversary, we explained that we’re expanding our research focus. Why did we make this decision? The decision stemmed from our work with the Open…
Today, GitHub joined an amicus brief in NSO v. WhatsApp, opposing the expansion of foreign sovereign immunity to private cyber-surveillance companies that act on behalf of foreign governments. GitHub joined…
2020 has been a year of change, with shifts to the way organizations of every size connect, collaborate, and build together. From our 2020 State of the Octoverse report to…
In July 2020, we announced our intent to require the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations.…
GitHub Actions: Environments, environment protection rules and environment secrets (beta)
GitHub Enterprise Cloud Self-Service Compliance Reports
During the last year alone, over 56 million developers created more than 60 million new repos and made more than 1.9 billion contributions on GitHub. These developers are building the…
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
Check out the latest announcements from GitHub Universe 2020, including dark mode, Sponsors for companies, improvements to Actions, dependency review, and more.
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
We’re here to bring you the latest and greatest releases for December 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech…
GitHub Universe is almost here. For more on what to expect from this year’s stream, we sat down with virtual host, Brian Douglas, for a quick Q&A on GitHub Actions,…
To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code; and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.
Dependabot: version updates from private GitHub repositories
Change is inevitable, and this year, it has been inescapable. We’ve had to find new ways to relate, learn, and balance both work and life at home. One thing has…
The Meta API endpoint previously contained MD5 signatures for GitHub’s SSH public keys. We have now deprecated these in favor of the newer SHA-256 fingerprints. Developers verifying the authenticity of…
The Digital Millennium Copyright Act (DMCA) is a 22-year-old United States law meant to strike a complicated balance between art, code, and speech on the net — impacting users…
This blog describes a security vulnerability in the infrastructure that supports Germany’s COVID-19 contact tracing efforts. The mobile (Android/iOS) apps are not affected by the vulnerability and do not collect and/or transmit any personal data other than the device’s IP address. The infrastructure takes active measures to disassociate true positives from client IP addresses.
We’re here to bring you the latest and greatest releases for November 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech…