Removing the stigma of a CVE
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
Resources for securing your supply chain, building more secure applications, and staying up-to-date with the latest vulnerability research. Get comprehensive insights into the latest security trends—and news from the GitHub Security Lab. You can also check out our documentation on code security on GitHub to find out how to keep your code and applications safe.
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user…
If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
Practical tips on how to apply OWASP Top 10 Proactive Control C4.
A comprehensive guide for vulnerability reporters.
A deep dive into how GitHub adds support for new languages to CodeQL.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.