
Unlocking security updates for transitive dependencies with npm
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.
In security overview, when you select a team from the Team dropdown or filter by team in either the security risk or the security coverage views, results include repositories where…
You can now view (GET) the security feature enablement status for all repositories in your organization using the “list organization repositories” endpoint in the REST API for the following security…
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.
We’ve shipped improvements to the billing pages for GitHub Advanced Security so it is easier for you to see how many licenses you are using. You can now see how…
The organization-level security overview page has been replaced by the risk and coverage views as previously announced and is no longer available. The risk view is designed to help you…
We’ve recently released a few minor user experience improvements for our GitHub Security Advisory form: You’re no longer required to fill out as many fields in the form before submitting…
Dependabot security updates now supports the Pub ecosystem, making it easier for you to fix vulnerable dependencies in your Dart or Flutter apps. With security updates enabled, Dependabot will automatically…
Dependabot security updates now supports the GitHub Actions ecosystem, making it easier for you to fix vulnerable GitHub Actions dependencies. With security updates enabled, Dependabot will automatically raise a pull…
You can now enable and disable the following GitHub security features for a single repository from the organization-level security coverage view: Dependency graph Dependabot alerts Dependabot security updates If you…
Security overview’s new risk and coverage views provide greater visibility into your security posture and risk analysis. Each new view offers a refreshed design with several key improvements, including insights…
We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem.
A Security.md file in the root of a repository will now be highlighted on the repository overview in the sidebar. For more information, see “Adding a security policy to your…
A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.
Removing the security vulnerability banner: The yellow banner stating “We found potential security vulnerabilities in your dependencies” is being removed. Please use the “Security” alert count in your repository navigation…
As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.
Dependabot has added support for updating dependencies in Yarn v2 and Yarn v3 manifests (package.json, and yarn.lock files). This is in addition to the existing support for Yarn v1. There…
Upgrade your local installation of Git, especially when cloning with `--recurse-submodules` from untrusted repositories, or if you use git shell interactive mode.