Search results for: Security

A new set of Git releases were published to address a variety of security vulnerabilities. All users are encouraged to upgrade. Take a look at GitHub’s view of the latest round of releases.

Available in public beta today, the security coverage page now includes multi-repository enablement, which lets you enable or disable security features across several repositories at once. This feature improves upon…

You can now programmatically view and act on repository advisories via a new REST API. New endpoints to create, view, list, and update advisories are available to all. Additionally, new…

We’ve recently released a few improvements to the slide-out enablement panel on the security coverage page in security overview: Active committers for the repository are now visible, providing insight into…

You can now enable the “security extended” query suite for repositories using code scanning default setup with CodeQL. This query suite can be selected during set up, or changed at…

Learn about using GitHub Advanced Security alerts with vulnerability management tools. Check out the integrations and learn about how to get started.

On March 13, we will officially begin rolling out our initiative to require all developers who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Read on to learn about what the process entails and how you can help secure the software supply chain with 2FA.

Multi-repository variant analysis lets you scale security research across thousands of repositories, giving you a powerful tool to find and respond to newly discovered vulnerabilities.

Learn how teams can leverage the power of GitHub Advanced Security’s code scanning and GitHub Actions to integrate the right security testing tools at the right time.

You can now designate different types of credits to users who contribute to GitHub security advisories. These new credit types mirror those in the CVE 5.0 schema: finder reporter analyst…

The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform’s authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.

Code scanning default setup can now be easily enabled for a single repository from the slide-out panel on your organization’s “Security Coverage” page, without needing to navigate to the repository’s…

Git users are encouraged to upgrade to the latest version, especially if they use `git apply` or `git clone` against untrusted patches or repositories.

How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.

Git users are encouraged to upgrade to the latest version, especially if they use `git archive`, work in untrusted repositories, or use Git GUI on Windows.

In security overview, when you select a team from the Team dropdown or filter by team in either the security risk or the security coverage views, results include repositories where…

You can now view (GET) the security feature enablement status for all repositories in your organization using the “list organization repositories” endpoint in the REST API for the following security…

With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.

GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.

We’ve shipped improvements to the billing pages for GitHub Advanced Security so it is easier for you to see how many licenses you are using. You can now see how…

The organization-level security overview page has been replaced by the risk and coverage views as previously announced and is no longer available. The risk view is designed to help you…