News

CSO Online6d
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
InfoQ2mon
How GitHub Leverages CodeQL for Security
GitHub’s Product Security Engineering team secures the code ... consideration is given to dependencies such as the ruby-all package. By extending classes from the default query suite, the ...
Ars Technica1y
GitHub besieged by millions of malicious repositories in ongoing attack
GitHub is struggling to contain ... instead of through importing PyPI packages. This came after PyPI removed the malicious packages, and the security community increased its focus there.
Bleeping Computer3y
GitHub notifies owners of private repos stolen using OAuth tokens
Just as GitHub's Chief Security Officer Mike Hanley previously ... to private GitHub.com repos and "potential access" to npm packages stored on AWS S3 servers. While the attacker stole data ...
ZDNet6y
GitHub security alerts now support Java and .NET projects
Code hosting service GitHub has updated its platform this week, and among the many developer-centric changes, the company also rolled out three new security ... files such as package.json (for ...