News
The most important of these new security improvements is the expansion of the Security Alerts feature, which now also supports Java and .NET projects, on top of the original JavaScript, Ruby, and ...
GitHub is now also a CVE CNA and can issue its own CVE numbers for bugs disclosed in projects hosted on the platform.
The discovery by Palo Alto Networks' Unit 42 prompted action by owners of popular repositories where secrets were leaked through GitHub Actions artifacts.
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub.
Sysdig exposed how a trusted GitHub feature can silently hand control to attackers. pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands. Even top-tier security projects ...
Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.