GitHub Security

@GitHubSecurity

GitHub Security Team

Everywhere software is built
github.com/security
Joined July 2013
2 Photos and videos Photos and videos

Tweets

You blocked @GitHubSecurity

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @GitHubSecurity

  1. Dec 17

    An update to GitHub’s response to Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

    GitHub’s response to the Log4j vulnerability:
    9 retweets 25 likes
    Undo
  2. Retweeted
    Dec 16

    Advisory Database now includes an Unreviewed Advisories section

    2 retweets 14 likes
    Undo
  3. Retweeted
    Dec 13

    Secret scanning permissions can now be configured as part of custom repository roles

    2 retweets 10 likes
    Undo
  4. Retweeted
    Dec 14

    Learn how to define robust project security requirements in the new installment of our OWASP proactive controls series

    18 retweets 54 likes
    Undo
  5. Dec 14

    As security teams globally work to assess Log4j exposure and patch, GitHub’s Dependabot can help by quickly identifying explicit vulnerable dependencies.

    1 reply 23 retweets 84 likes
    Undo
  6. Dec 13

    GitHub’s response to the Log4j vulnerability:

    2 replies 39 retweets 86 likes
    Undo
  7. Retweeted
    Dec 8

    Audit log streaming beta update – Google Cloud Storage support

    3 retweets 8 likes
    Undo
  8. Retweeted
    Dec 7

    In order to better protect the software supply chain, npm registry, and broader JavaScript ecosystem, we're starting the process of requiring 2FA on npm. You can learn more about next steps here:

    continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement
    1 reply 15 retweets 46 likes
    Undo
  9. Retweeted
    Dec 7

    continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement

    7 replies 44 retweets 152 likes
    Undo
  10. Retweeted
    Dec 6

    Shift left with our deep dive into the OWASP Proactive Controls Top 10

    1 reply 29 retweets 117 likes
    Undo
  11. Dec 6

    Today, we’re happy to announce that we have integrated sigstore support for container image signing into the GitHub Actions starter workflow, so that developers can sign their container images by default.

    1 reply 11 retweets 31 likes
    Undo
  12. Retweeted
    Dec 2

    Typeform is now a GitHub secret scanning partner

    4 retweets 20 likes
    Undo
  13. Dec 3

    Mona the Octocat approves!

    14 likes
    Undo
  14. Dec 2

    Security controls, like swords, should only be as heavy as they need to be to provide strength. Configurable timeouts, working FOR the workflows they are trying to protect, are a good thing.

    Codespaces now have a configurable idle timeout
    2 retweets 9 likes
    Undo
  15. Dec 1

    Security is more fun with a team, won't you join us? We're hiring! Check out our current open roles with more coming soon!

    Screen grab of https://github.com/about/careers and the 11 openings currently listed.
    12 retweets 22 likes
    Undo
  16. Retweeted
    Dec 1

    Secret scanning REST API now surfaces locations

    3 retweets 8 likes
    Undo
  17. Dec 1

    GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

    1 retweet 1 like
    Undo
  18. Retweeted
    Dec 1

    This Friday ⁦ and I will interview 4 super-talented security professionals about their approach to SAST.⁩ Specifically, the team of MercadoLibre, LATAM’s leading marketplace with 132M active users! 🇦🇷🇦🇷🇦🇷

    6 retweets 8 likes
    Undo
  19. Nov 30

    REMINDER: On December 1st, 2021, account recovery tokens stored using Recover Accounts Elsewhere will no longer be accepted as a recovery option when contacting GitHub Support to recover access to your account.

    Deprecation Notice: Recover Accounts Elsewhere
    4 retweets 9 likes
    Undo
  20. Retweeted
    Nov 30

    Team sync for Okta is now generally available

    1 reply 3 retweets 14 likes
    Undo

@GitHubSecurity hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·