GitHub Security

@GitHubSecurity

GitHub Security Team

Everywhere software is built
github.com/security
Joined July 2013
8 Photos and videos Photos and videos

Tweets

You blocked @GitHubSecurity

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @GitHubSecurity

  1. Apr 7

    More cowbell? Well, yes, always but MORE events in audit log? YESSSSSS!

    Secret scanning custom pattern events now in the audit log
    2 retweets 2 likes
    Undo
  2. Apr 5

    The CodeQL runner has been deprecated in favor of the CodeQL CLI. This deprecation only affects users who use CodeQL code scanning in 3rd party CI/CD systems; GH Actions are not affected. Read more on the Changelog.

    CodeQL runner is now deprecated
    2 likes
    Undo
  3. Retweeted
    Apr 5

    Secret scanning webhooks for alert locations

    3 retweets 9 likes
    Undo
  4. Retweeted
    Apr 4

    Secret scanning prevents secret leaks with protection on push

    4 retweets 17 likes
    Undo
  5. Apr 1

    In March, we received a record-breaking 182 bounty reports, surpassing the 179 reports received during our Live Hacking Event at DEFCON27 in August 2019! March bounty stats: ✅Closed 191 reports 💰Awarded $127,051 in bounties 👫131 hackers participated in our program

    3 retweets 16 likes
    Undo
  6. Retweeted
    Mar 28

    Our latest guide walks you through securing your software supply chain end-to-end, and gives you tips on how to get started on your security journey 🛣️

    3 replies 23 retweets 81 likes
    Undo
  7. Mar 28

    GitHub's Compliance reports are a Documented Feature of GHEC!

    1 like
    Undo
  8. Retweeted
    Mar 28

    Supabase is now a GitHub secret scanning partner

    3 retweets 15 likes
    Undo
  9. Retweeted
    Mar 23

    We’re launching a series of office hours for open source maintainers! Do you need advice to secure your project’s code? Grab some time to chat with our team. Spots are limited and run until end of April

    1 reply 33 retweets 47 likes
    Undo
  10. Retweeted
    Mar 22

    Ever feel like you wanted to only install packages that were at least a week old... npm install --before="$(date -v -7d)"

    9 replies 30 retweets 170 likes
    Show this thread
    Show this thread
    Undo
  11. Mar 18

    Seeking security champion to support GitHub’s engineering teams in our journey to be our own best customers of CodeQL and Dependabot

    3 retweets 3 likes
    Undo
  12. Mar 17

    Want to secure the platform of the largest open source community in the world? We'd love to hear from you

    2 retweets 1 like
    Undo
  13. Mar 17

    Are you excited by large scale security data to help protect the largest open source community? Apply now

    1 retweet 1 like
    Undo
  14. Mar 16

    Oh no. Earworm of the week!

    pronouncing "boolean" like "jolene" is my toxic developer trait
    4 likes
    Undo
  15. Retweeted
    Mar 15

    We are hiring a Senior Security Researcher! Are you excited to help secure open source software? Let's talk!

    1 reply 18 retweets 54 likes
    Undo
  16. Retweeted
    Mar 15

    I'll come out of twitter retirement to promote a great spot on a fantastic team, I spent 2 years on the security lab team (moved to prodsec) and 10/10 would grep for memcpy again:

    2 replies 23 retweets 103 likes
    Undo
  17. Mar 15

    As of today we've stopped accepting DSA keys. RSA keys uploaded after Nov 2, 2021 will work only with SHA-2 signatures. The deprecated MACs, ciphers, and unencrypted Git protocol are permanently disabled.

    8 retweets 14 likes
    Undo
  18. Retweeted
    Mar 4

    All npm accounts are now enrolled in login verification

    6 retweets 20 likes
    Undo
  19. Retweeted
    Mar 4

    Security overview for enterprise in beta

    1 retweet 3 likes
    Undo
  20. Mar 11

    This change reduces the likelihood of Apps being used in phishing attacks against GitHub users.

    Opt in needed to keep OAuth Device Authorization Flow working
    6 likes
    Undo

@GitHubSecurity hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·