Search results for: Security
Keep all your packages up to date with Dependabot
Keeping your dependencies updated is one of the easiest ways to keep the software you build secure. However, while it’s critically important to keep your dependencies updated, in a recent…
The Octopus Scanner Malware: Attacking the open source supply chain
This post details how an open source supply chain malware spread through build artifacts. 26 open source projects were backdoored by this malware and were actively serving backdoored code.
Keep your secrets synced across multiple repositories with organization secrets
Now you can define secrets for an organization, making it easier to keep secrets synced across multiple repositories.
Hot lava: A case study in hunting for network integer arithmetic flaws
We examine the dangers of network integer arithmetic based on a case study of security vulnerabilities reported to the ntop project.
Capture the Flag 4—CodeQL and chill
Join our Capture the Flag challenge to use your CodeQL skills or learn new ones.
New from Satellite 2020: GitHub Discussions, Codespaces, securing code in private repositories, and more
See what we announced at our first virtual GitHub Satellite including a full dev environment on GitHub powered by VS Code, a new way to have discussions with your communities, new ways to secure projects with code scanning and secret scanning, and more.
GitHub Protips: Tips, tricks, hacks, and secrets from Brian Douglas
Make better contributions, triage your issues efficiently, save time with saved replies, and more with @bdougie’s protips.
How to build an effective DevSecOps culture
By prioritizing secure development alongside speed, DevSecOps helps you ship safer applications by making security part of your current DevOps pipeline.
GitHub Actions: Community momentum, enterprise capabilities, and developer improvements
GitHub Actions continues its community momentum and ships new features for enterprises and developers.
Meet some of this year’s GitHub Satellite speakers
GitHub Satellite is back, and this year it’s virtual. Tune in at githubsatellite.com on May 6 at 9 am PT / 12 pm ET to hear from CEO Nat Friedman and developers around the world.
Git credential helper vulnerability announced (Update)
Learn more about the security vulnerabilities affecting Git 2.26.1 and older.
Sawfish phishing campaign targets GitHub users
A phishing campaign targeting our customers lures GitHub users into providing their credentials (including two-factor authentication codes). Learn more about the threat and what you can do to protect yourself.
Git credential helper vulnerability announced
Learn more about the security vulnerabilities affecting Git 2.26 and older.
Databricks and HubSpot join our token scanning program
Adafruit and Samsara join our token scanning program
Enhancing our COVID-19 response to care for our community and team
We’ve taken further steps to ensure that our people can be safe and productive wherever they are, and that our community’s home on GitHub remains reliable and resilient.
Why organizations should commit to innersource in 2020
Learn about five more reasons why every enterprise should make innersource a priority in 2020.