Keeping open source software secure is a community responsibility. But with millions of projects, it’s hard to pinpoint the right signal from noise—and find and fix the vulnerabilities that really…
When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.
Nós do GitHub estamos animados em anunciar nosso meetup virtual na América Latina, o GitHub ¡Presente!
GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.
GitHub’s dependency graph identifies all upstream dependencies and public downstream dependents of a repository or package by parsing manifest files, so that you can better manage the security and compliance of your dependencies.
Learn about patterns for configuring and maintaining GitHub Actions self-hosted runners on Google Cloud.
As previously announced, beginning November 13th, 2020, we will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., a…
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production. Prior to making the move into security, he was a developer for 25 years and strongly believes that you can’t build secure web applications without knowing how to attack them.
The public roadmap is designed to give your team more information about what features and functionality you can expect from GitHub over the coming quarters.
Protect your team’s code with secure software development best practices like setting up SAML/SCIM integrations, enforcing policies to avoid code leakage, and more.
Last week, the Court of Justice of the European Union (CJEU) ruled the EU-US Privacy Shield, a mechanism governing personal data transfers from the EU to the US, is invalid due to concerns…
Keep dependencies up to date, to make sure you can quickly apply a patch when it really matters – when there’s a critical security vulnerability.
Secret leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub Secret Scanning looks for leaked secrets in all public repositories, and enrolled private…
GitHub stores your source code, releases, and a vast amount of invaluable information in issues and pull requests. While GitHub Enterprise Server (GHES), our self hosted solution, provides great security by default, administrators can take additional steps to further harden their appliance. This post will guide you through the most important settings.
GitHub dependency insights helps both developers and security teams manage their open source security with confidence—automatically compiling relevant CVE information, aiding in OSS license compliance, and helping them better understand their OSS dependency versions.
We all play a role in securing the world’s code. No one company can solve things alone, including GitHub, which is why it is critical to combine the energies of…
Securing the open source supply chain is critically important for developer communities and the entire software ecosystem. In recent years, the industry has seen an uptick in the adoption of…
In this post I’ll show how input validation which should be used to prevent malformed inputs to enter our applications, open up the doors to Remote Code Execution (RCE).
Code scanning users can now scan their code for vulnerabilities using the GitHub Open Source Static Analysis Runner (OSSAR) action. At GitHub Satellite, we announced code scanning, part of GitHub…
Authentication is a critical component to your daily development. When working in open source, you need to prove that you have rights to update a branch with git push. Additionally…
Last week, GitHub joined over 500 organizations signing a letter to the U.S. Congress seeking continued support for the Open Technology Fund (OTF) and its mission of funding open source…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.
