Search results for: Security

Today, we’re shipping improvements to Dependabot alerts that help you more easily understand and remediate vulnerabilities from dependencies in your codebase. Persisted Dependabot alerts Developers can now view alerts that…

GitHub Advanced Security customers can now view all their Dependabot alerts in the organization security tab. This view is available to organization owners and members of teams with the security…

Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate.

Users can now retrieve all their code scanning alerts at the GitHub organization level via the REST API. This new API endpoint supplements the existing repository level endpoint. This API…

Here’s January’s top staff picks on projects that shipped major version releases.

A quick guide on the advantages of using GitHub Actions as your preferred CI/CD tool—and how to build a CI/CD pipeline with it.

The dependency graph now supports detecting GitHub Actions workflow YAML files. These will be displayed within the dependency graph section in the Insights tab. Repositories that publish actions will also…

The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!

In GitHub’s latest transparency report, we’re giving you a by-the-numbers look at how we responded to requests for user info and content removal.

When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.

GitHub continues to improve account security and developer experience with a new 2FA mechanism in GitHub Mobile on iOS and Android.

When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration.

GitHub Advanced Security customers can now retrieve private repository secret scanning results at the enterprise level via the GitHub REST API. This new endpoint supplements the existing repository-level and organization-level…

GitHub Advanced Security customers can now view all their code scanning alerts in the organization security tab. This view is available to organization owners and members of teams with the…

While renewing GitHub Actions SSL certificates, an unexpected change in the intermediate certificate authority broke workflows using Open ID Connect (OIDC) based deployment to AWS. To fix the issue please…

As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.

In this third and last part, I’ll share the results of my research on Apache HTTP server, and I’ll show some of the vulnerabilities that I’ve found.

Up until today, the GitHub Advisory Database has only published advisories that have been curated and approved by our Security Lab team. This approach meant users sometimes couldn’t find advisories…

Looking to avoid security vulnerabilities, buttons that don’t work, slow site speeds, or manually writing release notes? This one’s for you.

How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)

On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.