Search results for: Security

Check out some advanced automation and CI/CD capabilities you can use today with GitHub Actions on any GitHub account.

In this post, I’ll use three bugs that I reported to Qualcomm in the NPU (neural processing unit) driver to gain arbitrary kernel code execution as root user and disable SELinux from the untrusted app sandbox in an Android phone.

It’s now easier to debug problems with CodeQL code scanning: an optional flag in the Actions workflow file will trigger diagnostic data to be uploaded as an artifact to your…

GitHub Enterprise Cloud administrators can now download and view the latest GitHub SOC 1, Type 2 and SOC 2, Type 2 compliance reports for 2021. These reports can be found…

On February 16, 2022, all non-audit-related npm Advisory APIs will be deprecated. Historically these undocumented APIs have been used to programmatically access advisory data. If you don’t use these APIs,…

The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.

We’ve improved the depth of CodeQL’s analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models. JavaScript analysis now supports…

Developers and security researchers using the CodeQL CLI and VS Code extension can now build databases and analyze code on machines powered by Apple Silicon (e.g. Apple M1). In order…

Code scanning alerts now integrate with GitHub Issues task lists to make it easy to prioritize and track your alerts with all your development work. You can use the task…

GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of…

The GitHub Enterprise Server 3.3 Release Candidate is available. This release contains a broad range of features and enhancements across the platform including GitHub Actions, Security, and a host of…

Tips on how to get started using GitHub Actions and resources to learn more about making it work for you.

This morning, I sent the following post to the GitHub team. TL;DR: I’m moving on to my next adventure, and Thomas Dohmke (currently Chief Product Officer) will be GitHub’s next CEO.

A warning is now displayed when a file’s contents include bidirectional Unicode text. Such text can be interpreted or compiled differently than it appears in a user interface. For example,…

GitHub Codespaces allows teams and organizations to spin-up developer environments directly from a browser or through Visual Studio Code, without the hassle of setting up a brand new environment tailored…

Ruby is the 10th most popular language within the open source community. To help more open source maintainers and organizations find potential vulnerabilities in their code, we’ve added Ruby support…

GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment. This enables: Seamless authentication between Cloud Providers…

Since last year’s GitHub Universe, we’ve shipped more than 20,000 improvements to GitHub for developers, open source communities, and enterprise teams. Here’s a comprehensive overview of what we’re announcing at Universe this week.

GitHub Marketplace just passed 10,000 published actions! Learn about contributing to this growing open source ecosystem.

Dependency graph now supports detecting Python dependencies in repositories that use the Poetry package manager. Dependencies will be detected from both pyproject.toml and poetry.lock manifest files. We will detect dependencies…

If you are posting or editing a draft repository Security Advisory and the vulnerability impacts multiple packages and/or ecosystems, you can now identify all applicable affected products in the advisory.…