The next installment of 's OWASP series is live! Learn to keep your database access secure with our deep dive into OWASP Proactive Control C3.
GitHub Security
@GitHubSecurity
GitHub Security Team
GitHub Security’s Tweets
GitHub is looking for a Junior Security Researcher to join our Security Lab team. As a member of the GitHub Security Lab you will make a direct impact on the security of the open source software the world depends on. boards.greenhouse.io/github/jobs/38 #InfoSecJobs #Hiring #RemoteJob
GitHub Mobile 2FA will be available to all GitHub users in the App Store and Play Store this week.
Another product update that should make your auditors go
Quote Tweet
Additional fields when exporting user details github.blog/changelog/2022
Catch GitHub's own on DevSecOps and closing the security gap with developers, tomorrow 11 AM ET ow.ly/222m50HybnF
Quote Tweet
DevSecOps is a team sport. This Friday, join HackerOne’s @senorarroz and GitHub’s @gose1 for an inside look at a tried and true DevSecOps program, and the critical role ethical hackers play. ow.ly/222m50HybnF
Audit log streaming is generally available for enterprise users!
Quote Tweet
Audit log streaming is generally available github.blog/changelog/2022
Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4 | The GitHub Blog
. Scorecard V4 is out: 1M repos scanned, new Dangerous-Workflow check and a GitHub Action that integrates with GitHub code scanning dashboard! Read more on the blog: openssf.org/blog/2022/01/1
View code scanning alerts across an organization
GitHub’s SSH host keys are now published in the API
Secret scanning enterprise-level REST API
Updates to the Checks Data Retention Policy
GitHub Actions: Prevent GitHub Actions from approving pull requests
Security-focused improvements for npm
The security of open source is critical to the security of all software. Today and I are joining other industry leaders at the to share how we can tackle open source security together as a community. Read more on what we’re sharing:
we just shipped a number of security-focused improvements to npm including:
- naming access tokens
- enforcing 2FA in your npm orgs
- improved auditing for 2FA adoption in orgs
- selecting teams when adding new org members
read more in our Changelog ⬇️
GitHub Enterprise Cloud Enterprise Owners Now Viewable at Organization Level
Less than one week left to apply for the #MiCLEAD program sponsored by !
Only the first 50 applications will be considered. Only 15 selected!
Apply here before the December 31st deadline: mincybsec.org/mic-lead
To all the Support and Security teams who've been working round the clock to surface answers and protect systems - we see you!
A big thank you to our Supportocats, and others like them, who've been on the front line this week.
An update to GitHub’s response to Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 github.blog/2021-12-13-git
Quote Tweet
GitHub’s response to the Log4j vulnerability: github.blog/2021-12-13-git
Advisory Database now includes an Unreviewed Advisories section
Secret scanning permissions can now be configured as part of custom repository roles
Learn how to define robust project security requirements in the new installment of our OWASP proactive controls series
As security teams globally work to assess Log4j exposure and patch, GitHub’s Dependabot can help by quickly identifying explicit vulnerable dependencies.
Audit log streaming beta update – Google Cloud Storage support
In order to better protect the software supply chain, npm registry, and broader JavaScript ecosystem, we're starting the process of requiring 2FA on npm. You can learn more about next steps here: github.blog/2021-12-07-enr
Quote Tweet
continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement github.blog/2021-12-07-enr
continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement
Shift left with our deep dive into the OWASP Proactive Controls Top 10
Today, we’re happy to announce that we have integrated sigstore support for container image signing into the GitHub Actions starter workflow, so that developers can sign their container images by default.
Typeform is now a GitHub secret scanning partner
Security controls, like swords, should only be as heavy as they need to be to provide strength. Configurable timeouts, working FOR the workflows they are trying to protect, are a good thing.
Quote Tweet
Codespaces now have a configurable idle timeout github.blog/changelog/2021
Security is more fun with a team, won't you join us? We're hiring! Check out our current open roles with more coming soon! github.com/about/careers #InfoSecJobs #Hiring
Secret scanning REST API now surfaces locations
GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on. securitylab.github.com boards.greenhouse.io/github/jobs/36 #OneSecurityTeam #InfoSecJobs #Hiring
This Friday and I will interview 4 super-talented security professionals about their approach to SAST. Specifically, the team of MercadoLibre, LATAM’s leading marketplace with 132M active users! 🇦🇷🇦🇷🇦🇷