Tag
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
When you're fixing a bug, especially a security vulnerability, you should add a regression test, fix the bug, and find & fix variants.
How GitHub uses code scanning to increase developer happiness, and how you can too.
GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
Software security doesn't end at the boundaries of your own code. The moment a library dependency is introduced, you're adopting other people’s code and any bugs that come with it.…
Today, we’re making GitHub Enterprise Server 3.0 available as a release candidate. Announced in the GitHub Universe Keynote, it’s the biggest ever change to Enterprise Server, bringing customers: Actions -…
We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.
Last year at GitHub Universe, we introduced the GitHub Security Lab, which is committed to contributing resources, tooling, bounties, and security research to secure the open source ecosystem. We know…