Now you can tell the rest of your team why it's a won't fix when you resolve a Dependabot alert. Let us know what you think!
Quote Tweet
Dependabot alerts: optional dismissal comment github.blog/changelog/2022
2
7
Follow
GitHub Security
@GitHubSecurity
GitHub's Security Team.
GitHub Security’s Tweets
Preparations for GitHubSecurity underway! Looking forward to seeing you in Chicago this weekend!
read image description
ALT
2
2
15
Sign-ups are open if you want to take advantage of Blue Team Con’s Career Village.
Experienced hiring managers are ready to help you via resume reviews, mock interviews, and/or giving general career advice.
Book a slot today!
2
11
GitHubSecurity's second report disclosed on HackerOne: Delimiter injection in GitHub Actions core.exportVariable hackerone.com/reports/1625652
Quote Tweet
We are excited to announce a new step for our bug bounty program. Going forward we will be publishing reports that get assigned a CVE (limited disclosure on @HackerOne)! Find our first report (and future ones!) on our Bounty page: hackerone.com/github/hacktiv #GitHubBugBounty
3
11
False-alert flags will appear in users security log due to a bug in 2FA recovery events
2
12
Topics to follow
Sign up to get Tweets about the Topics you follow in your Home timeline.
Carousel
GitHub is committed to protecting developer privacy, taking action on abusive content, and being transparent with developers about content moderation, and disclosure of user information. See our latest transparency report:
6
Excellent volunteer opportunity to support growth and encourage new folks to join our industry!
Quote Tweet
The Career Village is still looking for volunteers to help review resumes, conduct mock interviews, and/or give career advice.
Please fill out the form at btcon.link/CareerVillage if you are interested.
2
9
🚨Village Alert🚨
The Childcare Village has been reopened for tickets. Bringing children and need them watched while you see talks, eat, or mingle? The Childcare Village is here for you and is FREE!
Add-on tickets available on Eventbrite.
More here:
3
7
Secret scanning: Organization admins can dry run custom patterns across all repositories
4
20
GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC) – Public Beta
3
22
How to handle secrets in GitHub Actions, in ⏱ 38 seconds
0:38
1.5K views
1
7
23
Congratulations to all the winners and special shoutout to our very own Nancy Gariché, OWASP Project Person of the Year!
4
9
22
sporting our “Keep Hacking Weird” shirt at his talk!
1
4
13
Hanging out with tonight! We’ve got more here tonight. Come say hello!!
GIF
2
8
A well-tuned and secure CI/CD workflow is a critical component for development teams looking to build more and ship fast. With Dependabot alerts on vulnerable GitHub Actions, securing your workflows has never been easier.
2
12
GitHub Enterprise Cloud customers can access IP addresses for audit log entries for enterprise owned assets
2
15
Introducing the new npm Dependency Selector Syntax
7
21
GitHub is investigating the Tweet published Wed, Aug. 3, 2022:
* No repositories were compromised
* Malicious code was posted to cloned repositories, not the repositories themselves
* The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts
12
800
2,350
Privacy statement updates: Adding web cookies to enterprise marketing subdomains
2
5
Debugging CodeQL analysis in code scanning made easier by obtaining detailed logs and debugging artifacts from the CodeQL Action
4
14
REST API now available for the organization-level security manager role (Public Beta)
3
10
🐰🐇🐰🐇 New month means it's time for our latest GitHub Security Bug Bounty report! July bug bounty stats:
✅Closed 146 reports
💰Awarded $4,200 in bounties
👫101 hackers participated in our program
1
4
16
This requirement still stands and will for Blue Team Con 2022.
Please bring vaccination proof to show at registration and plan to wear a mask in the conference areas.
Quote Tweet
Blue Team Con 2022 will require:
- Full vaccination as per CDC guidelines for any authorized ages; and
- Masks will be required to be worn throughout the entire conference at all times, except while eating and drinking or if you are a speaker and are currently presenting.
3
10
59
In this post "Corrupting memory without memory corruption" is showing how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app
1
49
121
A new npm `audit signatures` command to verify npm package integrity
4
11
General Availability of improved 2FA experience in npm
2
6
Deprecation alert
Quote Tweet
GitHub Actions The macOS 10.15 Actions runner image is being deprecated and will be removed by 8/30/22 github.blog/changelog/2022
1
6
Very happy to be sponsoring Childcare Village
Quote Tweet
A reminder of our FREE childcare village (well, $5/day to ensure serious purchases and as part of the sitters’ tip).
There are VERY limited spots left. Ensure to snag them now if you are interested.
Blue Team Con is dedicated to being a family-friendly event. See @Hak4Kidz too! twitter.com/BlueTeamCon/st…
Show this thread
3
12
GitHub's Bug Bounty team just hit 1000 reports resolved! ✨🎉✨🎉✨🎉
7
5
105
Dependabot alerts paused for malware advisories
2
4
10
Looking forward to sharing out the Live Hacking Event stats soon!
GIF
read image description
ALT
3
Show this thread
Here are June's GitHub Security bug bounty stats:
✅Closed 104 reports
💰Awarded $10,100 in bounties
👫87 hackers participated in our program
Yes, these stats LOOK a little low compared to last month (twitter.com/GitHubSecurity) as our focus was on our Live Hacking Event...
Quote Tweet
With a total of 176 bounty reports submitted, May was close to beating our record 182 reports submitted in March! Here are our May bug bounty stats:
Closed 155 reports
Awarded $30,519 in bounties
128 hackers participated in our program
Closed 155 reports
Awarded $30,519 in bounties
128 hackers participated in our programShow this thread
1
8
Show this thread
Improved innersource collaboration and enterprise fork policies
1
3
15
GitHub Enterprise Cloud customers can configure audit log streaming to AWS S3 with OpenID Connect (OIDC)
5
16
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
4
14
GitHub Advisory Database now includes Erlang and Elixir advisories
3
11