
Accelerate security adoption in your organization
The GitHub Services Engineers have released the Advanced Security Enforcer GitHub Action to enable organizations to utilize code scanning in a consistent and automated way.
A public beta of the new GitHub Issues, a “security manager” role for organizations, a command palette beta, and lots more.
GitHub puts the needs of developers at the core of our content moderation policies. Learn more about our approach and how you can contribute.
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
Here are a few ways our teams use GitHub Discussions internally to build community, simplify workflows, and get key insights into our work.
The new sparse index feature makes it feel like you are working in a small repository when working in a focused portion of a monorepo.
The GitHub Enterprise Server 3.3 Release Candidate is available. This release contains a broad range of features and enhancements across the platform including GitHub Actions, Security, and a host of…
This latest release sees the introduction of a new role, a new webhook for GitHub Actions, and a bright edge to dark mode.
This morning, I sent the following post to the GitHub team. TL;DR: I’m moving on to my next adventure, and Thomas Dohmke (currently Chief Product Officer) will be GitHub’s next CEO.
This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.
Since we introduced the new GitHub Issues earlier this year in a private beta, we’ve been working hard to expand access to all developers in order to make GitHub the…
Since last year’s GitHub Universe, we’ve shipped more than 20,000 improvements to GitHub for developers, open source communities, and enterprise teams. Here’s a comprehensive overview of what we’re announcing at Universe this week.
GitHub Marketplace just passed 10,000 published actions! Learn about contributing to this growing open source ecosystem.
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
We sat down with Universe hosts Lorena Mesa and Jarryd McCree for a quick Q&A to help you make the most out of your conference experience this year.
On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client – GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.
GitHub Secret Scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and fraudulent uses of secrets that…
GitHub Releases has a new look and updated tools to make it easier for open source communities to create and share high-quality releases with auto-generated release notes.
GitHub’s bug bounty team is excited to kick off Cybersecurity Awareness Month with a spotlight on two security researchers who participate in the GitHub Security Bug Bounty Program.
In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.