Dependabot can now generate security and version updates for Yarn v2 and v3
Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode.
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.
Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started.
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.
Dependabot security updates removes unneeded transitive dependencies
On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.
Update and configure code security enablement settings via the organization REST API
Register now to attend GitHub Universe virtually or in-person at the Yerba Buena Center for the Arts in San Francisco on November 9-10.
False-alert flags will appear in users' security log due to a bug in 2FA recovery events
Security overview is now available to all GitHub Enterprise users
Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
REST API now available for the organization-level security manager role (Public Beta)
New npm security enhancements include an improved login and publish experience with the npm CLI, connected GitHub and Twitter accounts, and a new CLI command to verify the integrity of packages in npm.
Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly.
The recent changes to improve protocol security on GitHub.com are now coming to GitHub Enterprise Server, starting with version 3.6.
The Rust community can now discover, report, and prevent security vulnerabilities.