Security

It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022!

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Now you can create tokens with fine-grained permissions for automating your publishing and organization management workflows. And a new code explorer allows you to view content of a package directly in the npm portal.

See what we’re building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.

You can now build your agenda on GitHubUniverse.com! Whether you’re just getting started or you’re a seasoned industry professional, there’s a session for you.

Explore 80+ content sessions delivered by over 120 different speakers, across two days and four content tracks, all designed to level up your skills.

GitHub Universe is back and more robust than ever, with two great ways to engage with everything this global developer event has to offer.

Here are some actionable tips on how to ask your manager to send you to GitHub Universe this year—with a free template included!

Register now to attend GitHub Universe virtually or in-person at the Yerba Buena Center for the Arts in San Francisco on November 9-10.

Can projects and GitHub Actions be used by your non-developer teams? They absolutely can. Check out how our Security Team uses GitHub to run the department effortlessly.

We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.

To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.

We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements.

It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021!

GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.