Category
Our engineering and security teams have done some incredible work in 2022. Let’s take a look at how we use GitHub to be more productive, build collaboratively, and shift security left.
GitHub now allows you to track any leaked secrets in your public repository, for free. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.
GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our rollout, and what you can expect as we begin requiring 2FA.
AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals.
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
This post is the second part in a series about ActiveRecord::Encryption that shows how GitHub upgrades previously encrypted and unencrypted columns to ActiveRecord::Encryption.
A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.
As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.
You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard.
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
Upgrade your local installation of Git, especially when cloning with --recurse-submodules from untrusted repositories, or if you use git shell interactive mode.
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens.
Having a robust security plan is key to innovation. These tips will empower you to gain the upper hand on cyberattacks, so you can ship quickly and innovate with ease.
Learn about using GitHub Advanced Security (GHAS) alerts with Security Information and Events Management (SIEM) tools. Check out the integrations, and read more about getting started.