Increasing developer happiness with GitHub code scanning
How GitHub uses code scanning to increase developer happiness, and how you can too.
GitHub Enterprise Server 3.1 available as a release candidate
GitHub Enterprise Server 3.1 is now available to download as a release candidate. This release follows the most popular GitHub Enterprise Server release in years. GitHub Enterprise Server 3.0 brought…
GitHub Capture the Flag results
Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test. Participants were invited to…
Using GitHub code scanning and CodeQL to detect traces of Solorigate and other backdoors
Last month, a member of the CodeQL security community contributed multiple CodeQL queries for C# codebases that can help organizations assess whether they are affected by the SolarWinds nation-state attack on various parts of critical network infrastructure around the world.
The little bug that couldn’t: Securing OpenSSL
Software security doesn’t end at the boundaries of your own code. The moment a library dependency is introduced, you’re adopting other people’s code and any bugs that come with it.…
GitHub Enterprise Server 3.0 available as a release candidate!
Today, we’re making GitHub Enterprise Server 3.0 available as a release candidate. Announced in the GitHub Universe Keynote, it’s the biggest ever change to Enterprise Server, bringing customers: Actions –…
GitHub security features: highlights from 2020
We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.
Happy anniversary GitHub Security Lab!
Last year at GitHub Universe, we introduced the GitHub Security Lab, which is committed to contributing resources, tooling, bounties, and security research to secure the open source ecosystem. We know…
Your DevOps guide to GitHub Universe
GitHub Universe is almost here. For more on what to expect from this year’s stream, we sat down with virtual host, Brian Douglas, for a quick Q&A on GitHub Actions,…
Code Scanning a GitHub Repository using GitHub Advanced Security within an Azure DevOps Pipeline
In this blog post we demonstrate how to integrate the GitHub Advanced Security code scanning capability into our Azure DevOps Pipelines. We provide code snippets and examples that can guide you or your developers working to integrate Code Scanning into any 3rd Party CI tool.
Looking back on the GitHub Security Lab Capture The Flag: CodeQL and chill
One year ago, the security research team at Semmle launched its first Capture the Flag (CTF), as part of the Hack In The Box (HITB) Amsterdam conference. We wanted to…
Capture the Flag 4—CodeQL and chill
Join our Capture the Flag challenge to use your CodeQL skills or learn new ones.
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
GitHub Universe 2024
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.