GitHub Enterprise Cloud customers can access IP addresses for audit log entries for enterprise-owned assets
GitHub Security
@GitHubSecurity
GitHub's Security Team.
GitHub Security’s Tweets
Introducing the new npm Dependency Selector Syntax
GitHub is investigating the Tweet published Wed, Aug. 3, 2022:
* No repositories were compromised
* Malicious code was posted to cloned repositories, not the repositories themselves
* The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts
Privacy statement updates: Adding web cookies to enterprise marketing subdomains
Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action
REST API now available for the organization-level security manager role (Public Beta)
🐰🐇🐰🐇 New month means it's time for our latest GitHub Security Bug Bounty report! July bug bounty stats:
✅Closed 146 reports
💰Awarded $4,200 in bounties
👫101 hackers participated in our program
This requirement still stands and will for Blue Team Con 2022.
Please bring vaccination proof to show at registration and plan to wear a mask in the conference areas.
Quote Tweet
Blue Team Con 2022 will require:
- Full vaccination as per CDC guidelines for any authorized ages; and
- Masks will be required to be worn throughout the entire conference at all times, except while eating and drinking or if you are a speaker and are currently presenting.
This post, "Corrupting memory without memory corruption", shows how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app.
A new npm `audit signatures` command to verify npm package integrity
General Availability of improved 2FA experience in npm
Deprecation alert
Quote Tweet
GitHub Actions: The macOS 10.15 Actions runner image is being deprecated and will be removed by 8/30/22 github.blog/changelog/2022
Very happy to be sponsoring Childcare Village
Quote Tweet
A reminder of our FREE childcare village (well, $5/day to ensure serious purchases and as part of the sitters’ tip).
There are VERY limited spots left. Be sure to snag them now if you are interested.
Blue Team Con is dedicated to being a family-friendly event. See @Hak4Kidz too! twitter.com/BlueTeamCon/st…
GitHub's Bug Bounty team just hit 1000 reports resolved! ✨🎉✨🎉✨🎉
Dependabot alerts paused for malware advisories
Looking forward to sharing out the Live Hacking Event stats soon!
Here are June's GitHub Security bug bounty stats:
✅Closed 104 reports
💰Awarded $10,100 in bounties
👫87 hackers participated in our program
Yes, these stats LOOK a little low compared to last month (twitter.com/GitHubSecurity) as our focus was on our Live Hacking Event...
Quote Tweet
With a total of 176 bounty reports submitted, May was close to beating our record 182 reports submitted in March! Here are our May bug bounty stats:
Closed 155 reports
Awarded $30,519 in bounties
128 hackers participated in our program
Improved innersource collaboration and enterprise fork policies
GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC)
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
GitHub Advisory Database now includes Erlang and Elixir advisories
We're proud of you and your team!
Quote Tweet
Really incredibly proud of the work my team has done over the past 2 weeks on #h1512! Thank you hackers for your wonderful reports. Thank you @Hacker0x01 for putting it all together
Congratulations to all of the #H1512 award winners! 🏆 Check ‘em out!
1st Place: ajxchapman
2nd Place: not-an-aardvark
Best Team Collaboration: ajxchapman, the_arch_angel, jon_bottarini
Exterminator (Best Bug of the Event): ajxchapman
Most Valuable Hacker: ajxchapman
#H1512 is in the books! 📚 A big shoutout to all of our amazing hackers who came out to #hackforgood with . Today was incredible!
Howdy from Austin, Texas, y’all! 🤠 #H1512 in partnership with is underway. Everyone is heads down and doing what they do best. #hackforgood
In addition to bringing their A-game for LIVE bug hunting at #h1512, and bounty hunters are delivering some spot-on memes:
⛓️ Supply Chain
and SLSA L4: documentation.suse.com/sbp/server-lin
Mitigating malicious Terraform: about.gitlab.com/blog/2022/06/0
Find hijackable NPM packages: github.com/firefart/npmdo
How uses Dependabot at GitHub
Mistakes are the most common cause of vulnerabilities in open source software, but not the only cause. GitHub Advisory Database will now publish malware occurrences to combat the prevalence of malware in OSS.
Last week, we kicked off #h1512, a live hacking event with bringing hackers together to #hackforgood! All day Thursday, 06/16 we’ll be here giving you the latest updates live from Austin, Texas!
In our latest blog post, we continue our exploration of the OWASP Proactive Controls. How can we robustly assert and identify a user’s identity?
Join GitHubSecurity's own for his session "Git Good With Splunk" next week at Splunk Conf! We're now excited for him to show the world how GitHub[.]com lets you manage Splunk cluster configuration at scale. conf.splunk.com/sessions-virtu
+1 ( and John's team are awesome). We also have a role available for APAC on our partners team. Here is the posting
is hiring roles across Product Security, SecOps and more! I'm happy to chat about boards.greenhouse.io/github/jobs/41 if you're interested
Secret scanning’s REST API endpoints now support sorting github.blog/changelog/2022
All historical NVD advisories are now listed on GitHub