Code scanning adds beta support for Ruby
Ruby is the 10th most popular language within the open source community. To help more open source maintainers and organizations find potential vulnerabilities in their code, we’ve added Ruby support…
GitHub Actions now supports OpenID Connect (OIDC) for secure deployments to cloud, which uses short-lived tokens that are automatically rotated for each deployment. This enables: Seamless authentication between Cloud Providers…
Since last year’s GitHub Universe, we’ve shipped more than 20,000 improvements to GitHub for developers, open source communities, and enterprise teams. Here’s a comprehensive overview of what we’re announcing at Universe this week.
GitHub Marketplace just passed 10,000 published actions! Learn about contributing to this growing open source ecosystem.
Dependency graph now supports detecting Python dependencies in repositories that use the Poetry package manager. Dependencies will be detected from both pyproject.toml and poetry.lock manifest files. We will detect dependencies…
If you are posting or editing a draft repository Security Advisory and the vulnerability impacts multiple packages and/or ecosystems, you can now identify all applicable affected products in the advisory.…
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of V8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of…
We sat down with Universe hosts Lorena Mesa and Jarryd McCree for a quick Q&A to help you make the most out of your conference experience this year.
GitHub Secret Scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and fraudulent uses of secrets that…
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
Dependency review is now generally available for all public repositories and for private repositories with GitHub Advanced Security enabled. Dependency review helps you understand dependency changes and the security impact…
The npm security advisory database is now part of the GitHub Advisory Database. As a result, npm audit will now return URLs to the GitHub Advisory Database and the advisories…
Recover Accounts Elsewhere allows a user to store a recovery token with a third-party recovery partner to use as a recovery method when their account is protected by two-factor authentication.…
Manage your company in the cloud with more control and governance using enterprise managed users.
In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.
GitHub Enterprise Cloud’s Services Continuity and Incident Management Plan is now available for self-service alongside additional resources under the Compliance tab. Enterprise owners may download and view current GitHub compliance…
GitHub Enterprise Server 3.2 is now generally available for all customers. This release contains more than 70 new features and changes that create a more delightful development experience, and provide…
This release brings over 70 new features and changes that improve developer experience and deliver new security capabilities.
As part of GitHub’s strong commitment to developer privacy, we are excited to announce updates to our privacy agreements in line with new legal requirements and our own robust data protection practices.