- How to secure your GitHub Actions workflows with CodeQL
  In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours. In the…
- GitLab supports banks in navigating regulatory challenges
  The risk of cyber attacks in the banking industry has reached unprecedented levels. Studies by the International Monetary Fund reveal that the financial sector is particularly vulnerable to cyber threats, with nearly one-fifth of reported incidents in the past two decades targeting this industry alone. As these threats continue to escalate, they drive the need…
- Building LATAM’s future tech workforce with AI
  Git Commit 2024 and our new AI course in Spanish. We are excited to celebrate the third year of Git Commit, our annual program dedicated to closing the technology skills gap and empowering students…
- Reduce supply chain risk with smarter vulnerability prioritization
  Application Security teams face a constant uphill battle in risk reduction due to the ever-growing number of vulnerabilities. This year alone, 36,000 Common Vulnerabilities and Exposures (CVEs) have been reported, a 25% increase from last year. The sharp rise intensifies the challenge of prioritization in vulnerability management, especially for lean AppSec teams. To help,…
- Streamline the path to CMMC Level 2 compliance with GitLab
  The Cybersecurity Maturity Model Certification (CMMC) Program is a framework developed by the U.S. Department of Defense (DoD) to enforce cybersecurity requirements and protect sensitive unclassified information shared by the DoD with contractors and subcontractors. With the release of the CMMC final rule, DoD contractors can begin to assess and align their controls and processes…
- GitLab’s 2024 bug bounty year in review
  It’s that time again when everyone reflects on the year that just passed, and the Application Security team at GitLab is no different. We run the bug bounty program at GitLab, and every year we summarize our stats for those who are curious. We wouldn’t be where we are without the collaboration of our bug…
- Ultimate guide to CI/CD: Fundamentals to advanced implementation
  Continuous integration/continuous delivery (CI/CD) has revolutionized how software teams create value for their users. Gone are the days of manual deployments and integration headaches; modern development demands automation, reliability, and speed. At its core, CI/CD is about creating a seamless pipeline that takes code from a developer’s environment all the way to production and…
- Preparing for Post-Quantum Cryptography: Key Takeaways from SAFECode’s Working Group
  As we mentioned in a previous blog, SAFECode’s post-quantum cryptography (PQC) working group has reached a milestone. NIST has standardized its first wave of post-quantum encryption algorithms, and our working group has identified key activities that will enable our members to manage the transition to quantum-resistant cryptography and adapt to the emergence of new algorithms…
- Celebrating Dedication and Innovation: Highlights from SAFECode Day 2024
  Over 50 SAFECode members and industry leaders came together for a dynamic SAFECode Day 2024! The event featured exciting project updates, lively discussions, and an inspiring keynote from Anne Neuberger, Deputy Assistant to the President, who emphasized the crucial role of cybersecurity in today’s digital landscape. It was great to hear our members share their…