5 ways to make your DevSecOps strategy developer-friendly
Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.
GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data…
Use CodeQL threat model settings for Java (beta) to adapt CodeQL’s code scanning analysis to detect the most relevant security vulnerabilities in your code. No two codebases are the same…
Take CODEOWNERS and GitHub teams to the next level. Learn about how GitHub engineering solves the age-old problem of who owns what.
Read a round-up of the exciting, new innovation coming from GitHub Enterprise.
Hacktoberfest has wrapped up, GitHub Universe has come to a close, and our community has been super hard at work. All the while people enjoyed turkey over Thanksgiving in the…
Code scanning default setup is now available for self-hosted runners on GitHub.com. To use default setup for code scanning, assign the code-scanning label to your runner. Default setup now uses…
Today’s changelog brings you the general availability (GA) of organization project templates. 🎨 Organization project templates We’ve shipped exciting updates that allow you to quickly create, share, and use project…
In the secret scanning list view, you can now apply a filter to display alerts that are the result of having bypassed push protection. This filter can be applied at…
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.
We’ve added new improvements to default setup, including automatically scheduling scans on repositories and support for all CodeQL covered languages.
In January, GitHub Classroom will begin a public beta that will change the way student repositories are created from starter code repositories. Currently, starter code repositories must be template repositories,…
Read a roundup of the exciting, new innovation coming from GitHub Actions.
Reduce pull request noise and fix multiple security alerts at once with Dependabot grouped security updates. Starting today, you can enable grouped security updates for Dependabot at the repository or…
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 2023 data for the Innovation Graph.
Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.
In October, we launched the beta of Repository Custom Properties, enabling you to attach key-value pairs to repositories in your organizations. Among many scenarios, one of the key components we…
GitHub Enterprise Server 3.11 is now generally available. With this version, customers have access to tools and features that provide a better understanding…
Customers using GitHub Enterprise Server can gain more insight and understanding into the security of their code.
Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.
Users of secret scanning can now view any new secrets exposed in a discussion’s title, description, or comments within the UI or the REST API. This expanded coverage will also…