Tag: Github
-
Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL
Starting today, code scanning autofix will be available in public beta for all GitHub Advanced Security customers. Powered by GitHub …
-
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported to Arm on November 15, 2023 and was fixed …
-
RisePro stealer targets Github users in “gitgub” campaign
Github repositories: We identified at least 13 such repositories belonging to a RisePro stealer campaign that was named “gitgub” by the …
-
Keeping secrets out of public repositories
Accidental leaks of API keys, tokens, and other secrets risk security breaches, reputation damage, and legal liability at a mind-boggling …
-
How to stay safe from repo-jacking
“Repo-jacking” is a type of supply chain attack that has received attention for its potential impact on open source software. In this …
-
Build code security skills with the GitHub Secure Code Game
In March 2023, we launched the Secure Code Game, an in-repo learning experience where players fix intentionally vulnerable code, so …
-
Fixing security vulnerabilities with AI
In November 2023, we announced the launch of code scanning autofix, leveraging AI to suggest fixes for security vulnerabilities in users’ …
-
The architecture of SAST tools: An explainer for developers
In today’s age of shifting left—an approach to coding that integrates security checks earlier into the software development lifecycle …
-
GitHub’s Engineering Fundamentals program: How we deliver on availability, security, and accessibility
How do we ensure over 100 million users across the world have uninterrupted access to GitHub’s products and services on a platform that …
-
AppSec is harder than you think. Here’s how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. Most AppSec tools, even those that claim to be …
-
Rotating credentials for GitHub.com and new GHES patches
On December 26, 2023, GitHub received a report through our Bug Bounty Program demonstrating a vulnerability which, if exploited, allowed …
-
GitHub and the Ekoparty 2023 Capture the Flag
As an Ekoparty 2023 sponsor, GitHub once again had the privilege of submitting several challenges to the event’s Capture The Flag (CTF) …