Seven years of the GitHub Security Bug Bounty program
GitHub’s bug bounty program is now a mature component of how we improve product security. We’re excited to highlight some achievements (and interesting vulnerabilities)!
GitHub’s bug bounty program is now a mature component of how we improve product security. We’re excited to highlight some achievements (and interesting vulnerabilities)!
We’re excited to announce the newest addition to the Student Developer Pack, the GitHub Virtual Event Kit! Access the best virtual event tools in one place at no cost.
Announcing new beta features for GitHub Issues for better planning and tracking of your projects in GitHub, including project tables, task lists, and issue forms.
We recently set about creating a framework and service for automatically generating social sharing images for repositories and other resources on GitHub.
Throughout the beta, we added features to improve the experience of using the Container registry. Today, we’re excited to announce that the Container registry is generally available as part of GitHub Packages!
The latest version of GitHub Desktop allows you to squash commits, squash and merge, reorder, amend your last commit, check out a branch from a previous commit, and more.
What began as a small group effort in 2015 has now turned into a global initiative here at GitHub to amplify Black voices and talent in the tech community.
In May, GitHub shipped a total of 20 new features. We love what we do, but we know it’s a lot to keep up with. So we’re trying something new on the GitHub Blog—a monthly recap of everything that shipped to Changelog in the past month. Check out some of the updates you might have missed.
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit. As a member of GitHub Security Lab, my job is to help improve the security of open source software by finding and reporting vulnerabilities. A few weeks ago, I found a privilege escalation vulnerability in polkit.
GitHub secret scanning has been securing our users’ code by scanning for and revoking secrets since 2015. Recently, we’ve focused on scanning for package registry credentials as well—a significant and important expansion on our original