Home / bug bounty

bug bounty

Rotating credentials for GitHub.com and new GHES patches

GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys.

Bug bounty graphic

GitHub’s revamped VIP Bug Bounty Program

GitHub’s VIP Bug Bounty Program has been updated to include a clear and accessible criteria for receiving an invitation to the program and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!

The world's largest developer platform

Docs

Docs

Everything you need to master GitHub, all in one place.

GitHub

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Customer stories

Customer stories

Meet the companies and engineering teams that build with GitHub.

GitHub Universe 2024

GitHub Universe 2024

Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.