Search results for: Security

An illustration of two octocats repairing a robot.

Yellow security vulnerability repository banner is being removed

Removing the security vulnerability banner The yellow banner stating “We found potential security vulnerabilities in your dependencies” is being removed. Please use the “Security” alert count in your repository navigation…

Security

Cybersecurity spotlight on bug bounty researcher @ahacker1

As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.

Security

What we learned from the Security Lab’s Community Office Hours

The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.

Changelog

Dependabot can now generate security and version updates for Yarn v2 and v3

Dependabot has added support for updating dependencies in Yarn v2 and Yarn v3 manifests (package.json, and yarn.lock files). This is in addition to the existing support for Yarn v1. There…

Git

Git security vulnerabilities announced

Upgrade your local installation of Git, especially when cloning with –recurse-submodules from untrusted repositories, or if you use git shell interactive mode.

Application security

5 tips for embedding security into your workflows

Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.

News & insights

Introducing GitHub Advanced Security SIEM integrations for security professionals

Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started.

Changelog

New enterprise policies for code security

Enterprise owners can now configure whether repository administrators can enable or disable Dependabot alerts. If you are owner of an enterprise with GitHub Advanced Security, you can now also set…

Security

GitHub’s supply chain security features now support Dart

Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.

News & insights

Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security

Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.

Changelog

Dependabot security updates removes unneeded transitive dependencies

When resolving security alerts for vulnerable transitive npm dependencies, it is possible that updating a direct dependency will remove the vulnerable transitive dependency from the tree. Dependabot can now resolve…

Company news

Security alert: new phishing campaign targets GitHub users

On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.

Changelog

Update and configure code security enablement settings via the organization REST API

At the organization level, you can now view (GET) and update (PATCH) enablement status as well as configure the setting to automatically enable new repositories for the following GitHub security…

Company news

What you can expect at GitHub Universe 2022: cloud, security, community, and AI

Register now to attend GitHub Universe virtually or in-person at the Yerba Buena Center for the Arts in San Francisco on November 9-10.

Changelog

False-alert flags will appear in users security log due to a bug in 2FA recovery events

Users with 2FA enabled may see false-alert flags in their security log for recovery_code_regenerated events between July 15 and August 11, 2022. These events were improperly emitted during an upgrade…

Changelog

Security overview is now available to all GitHub Enterprise users

We’ve expanded access to GitHub’s security overview pages in two ways: All GitHub Enterprise accounts now have access to the security overview, not just those with GitHub Advanced Security All…

Security

New request for comments on improving npm security with Sigstore is now open

Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.

Enterprise software

All GitHub Enterprise users now have access to the security overview

Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.

Changelog

The world's largest developer platform

Docs

Everything you need to master GitHub, all in one place.

Go to Docs

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Start building

Customer stories

Meet the companies and engineering teams that build with GitHub.

Learn more

The GitHub Podcast

Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.

Listen now

Search results for: Security

Yellow security vulnerability repository banner is being removed

Cybersecurity spotlight on bug bounty researcher @ahacker1

What we learned from the Security Lab’s Community Office Hours

Dependabot can now generate security and version updates for Yarn v2 and v3

Git security vulnerabilities announced

5 tips for embedding security into your workflows

Introducing GitHub Advanced Security SIEM integrations for security professionals

New enterprise policies for code security

GitHub’s supply chain security features now support Dart

Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security

Dependabot security updates removes unneeded transitive dependencies

Security alert: new phishing campaign targets GitHub users

Update and configure code security enablement settings via the organization REST API

What you can expect at GitHub Universe 2022: cloud, security, community, and AI

False-alert flags will appear in users security log due to a bug in 2FA recovery events

Security overview is now available to all GitHub Enterprise users

New request for comments on improving npm security with Sigstore is now open

All GitHub Enterprise users now have access to the security overview

REST API now available for the organization-level security manager role (Public Beta)

Introducing even more security enhancements to npm

How the GitHub Security Team uses projects and GitHub Actions for planning, tracking, and more

The world's largest developer platform

Docs

GitHub

Customer stories

The GitHub Podcast