SendGrid is now a GitHub secret scanning partner
GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with…
GitHub is excited to announce the release of CodeQL queries that implement the CERT C++ and AUTOSAR C++ standards. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
GitHub Mobile can no longer connect to GitHub Enterprise Server 3.0. To enable connections from GitHub Mobile to GitHub Enterprise Server, a site administrator must upgrade to GitHub Enterprise Server…
We’ve just released a new version of Octokit.js, our SDK for interacting with the GitHub API from your JavaScript or TypeScript code. The new release adds support for 91 new…
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities.
Dependency graph now supports submissions through the dependency submission API (beta). This enables you to add dependencies, such as those resolved when software is compiled or built, to the dependency…
GitHub Advanced Security customers can now view bypasses of secret scanning’s push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass…
GitHub Advanced Security customers can now perform dry runs of their custom patterns when editing a pattern. Dry runs allow admins to understand a pattern’s impact across an organization and…
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm GPU kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z Flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.
GitHub’s Advisory Database now supports listing malware advisories. You can see them by searching “type:malware” on https://github.com/advisories. If you have enabled Dependabot alerts on your repositories, GitHub will send Dependabot…
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
The Dependency Review GitHub Action, which checks if pull requests introduce a dependency with a known vulnerability, now supports configuration based on vulnerability severity and license type. The following configuration…
We share a recap of a recent roundtable event about what a federal open source software policy could look like in the United States.
Today, we’re shipping the ability to select multiple Dependabot alerts to reopen or dismiss from the index page UI. For example, from the Closed alerts tab, you can now select…
How can you robustly assert and identify a user’s identity?
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance.
We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements.
When you visit the GitHub Advisory Database, you can now search for any historical advisory recognized by the National Vulnerability Database. Previously, we only displayed advisories from our supported ecosystems.…
GitHub Advanced Security customers can now use sort and direction parameters in the GitHub REST API when retrieving secret scanning alerts. API users can sort based on the alert’s created…
We are archiving Atom and all projects under the Atom organization for an official sunset on December 15, 2022.