SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Bleeping Computer

GitHub expands security tools after 39 million secrets leaked in 2024

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...
SD Times

GitHub announces new updates to improve supply chain security

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
SD Times

GitHub unbundling its GitHub Advanced Security offering starting in April

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
TechCrunch

JFrog deepens its partnership with GitHub, launches runtime security service

Earlier this year, software supply chain platform (and binary specialist) JFrog announced a partnership with GitHub that, among other things, allowed developers and the teams that support them to ...
Infosecurity-magazine.com

Nearly 13 Million Secrets Spilled Via Public GitHub Repositories

Developers accidentally leaked 12.8 million secrets on public GitHub repositories in 2023, a 28% increase on the previous year, according to a new report from GitGuardian. The security vendor claimed ...
Bleeping Computer

GitHub enables push protection by default to stop secrets leak

GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. Today's announcement comes ...
InfoWorld

GitHub Advanced Security now offers security campaigns

Security campaigns available with the Copilot Autofix tool aim to manage risk and increaase collaboration between developers and security teams. GitHub has made security campaigns available for GitHub ...
Hosted on MSN

GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.… September has been a bad month for npm with phishing attacks on package ...
SiliconANGLE

Pulumi enhances cloud security with automated secrets rotation and new GitHub integration

Infrastructure-as-code provider Pulumi Corp. today announced four product enhancements that are designed to improve security, streamline automation and provide greater control over cloud resources.
TechCrunch

GitHub launches $1.25M open source fund with a focus on security

The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the ...