GitHub Security

@GitHubSecurity

GitHub's Security Team.

Everywhere software is built
Joined July 2013

Tweets


  1. 4 hours ago

    Features like code scanning and Dependabot can help protect against some of the most common vulnerabilities we see in the software ecosystem. We’re defining some of the key vulnerabilities we’ve seen lately and how GitHub can help developers be more secure.

  4. Retweeted
    22 hours ago

    Check out our latest Availability Report with updates on GitHub status over the past month.

  5. May 5

    In case you missed it: has released the recording of the first Scaling AppSec Event on their YT, here:

  6. May 4

    Securing the software supply chain begins with the developer and we’re committed to raising the bar on account security. Today we’re announcing that users who contribute code on will be required to enable 2FA by the end of 2023.

  7. May 2

    April was another strong month for GitHub's Bug Bounty! We shipped our first report that got assigned a CVE (for this and future write-ups see ), we also: ✅ Closed 166 reports, 💰 Awarded $66,185 in bounties, 👫 112 hackers participated in our program

  8. Apr 27

    As of 5:00 PM UTC on April 27, 2022: Sharing the pattern of attacker activity on GitHub; we are in the process of sending the final expected notifications to GitHub[dot]com customers who had either the Heroku or Travis CI OAuth app integrations authorized.

  9. Apr 22

    April 22, 2022 update: As of 7:33 PM UTC on April 22, 2022, GitHub has notified victims of this campaign whom we have identified as having repository details listed using stolen OAuth app tokens, but did NOT have repository contents downloaded.

  10. Retweeted
    Apr 22

    Being transparent about potential security vulnerabilities helps increase trust in your project. We believe it's much better to request a CVE and publish a security advisory than to stay silent and hope for the best, even for low severity vulnerabilities.

  11. Apr 22

    Inclusion is a key ingredient in security. 👏 New Protanopia & Deuteranopia colorblind themes for red/green color blindness are now available to all github(dot)com users in a public beta.

  12. Apr 21

    Join the security teams and for an exciting virtual event Apr 28 3:00pm-5:00pm PDT to discuss Scaling AppSec with your Application Security practitioner colleagues!

  13. Apr 18

    As of 9:30 PM UTC on April 18, 2022, we’ve notified victims of this campaign whom we have identified as having repository contents downloaded by an unauthorized party through abuse of third-party OAuth user tokens maintained by Heroku and Travis CI.

  14. Apr 15

    GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users.

  15. Apr 15

    Dependabot alerts now show if your repository code is calling known vulnerable functions from the dependency's vulnerability.

  16. Apr 14

    We are excited to announce a new step for our bug bounty program. Going forward we will be publishing reports that get assigned a CVE (limited disclosure on )! Find our first report (and future ones!) on our Bounty page:

  17. Apr 12

    Happy to be a returning sponsor this year to support the growth, recruiting, and diversity opportunities presented . See you in Chicago in August! (With stickers of course!)

  18. Retweeted
    Apr 11

    Blue Team Con 2022 is pleased to announce the Career Village. Looking for your next move or way in? Did your job require you to come back to the office? Come to this village for: Advice, Mock Interviews, Resume Reviews. See more: More villages TBA.

  19. Apr 11

    A small but important policy feature for furthering compliance and access controls.

  20. Apr 7

    More cowbell? Well, yes, always but MORE events in audit log? YESSSSSS!
