- How to secure your GitHub Actions workflows with CodeQL
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours. In the…
- GitLab supports banks in navigating regulatory challenges
The risk of cyber attacks in the banking industry has reached unprecedented levels. Studies by the International Monetary Fund reveal that the financial sector is particularly vulnerable to cyber threats, with nearly one-fifth of reported incidents in the past two decades targeting this industry alone. As these threats continue to escalate, they drive the need…
- Building LATAM’s future tech workforce with AI
Git Commit 2024 and our new AI course in Spanish. We are excited to celebrate the third year of Git Commit, our annual program dedicated to closing the technology skills gap and empowering students…
- Reduce supply chain risk with smarter vulnerability prioritization
Application Security teams face a constant uphill battle in risk reduction due to the ever-growing number of vulnerabilities. This year alone, 36,000 Common Vulnerabilities and Exposures (CVEs) have been reported — a 25% increase from last year. The sharp rise intensifies the challenge of prioritization in vulnerability management, especially for lean AppSec teams. To help,…
- Streamline the path to CMMC Level 2 compliance with GitLab
The Cybersecurity Maturity Model Certification (CMMC) Program is a framework developed by the U.S. Department of Defense (DoD) to enforce cybersecurity requirements and protect sensitive unclassified information shared by the DoD with contractors and subcontractors. With the release of the CMMC final rule, DoD contractors can begin to assess and align their controls and processes…
- GitLab’s 2024 bug bounty year in review
It’s that time again when everyone reflects on the year that just passed, and the Application Security team at GitLab is no different. We run the bug bounty program at GitLab, and every year we summarize our stats for those who are curious. We wouldn’t be where we are without the collaboration of our bug…
- Ultimate guide to CI/CD: Fundamentals to advanced implementation
Continuous integration/continuous delivery (CI/CD) has revolutionized how software teams create value for their users. Gone are the days of manual deployments and integration headaches — modern development demands automation, reliability, and speed. At its core, CI/CD is about creating a seamless pipeline that takes code from a developer’s environment all the way to production and…
- GitBleed – Finding Secrets in Mirrored Git Repositories – CVE-2022-24975
Summary: Due to a discrepancy in Git behavior, only part of a source code repository is visible when making copies via the “git clone” command. Additional parts of the repository become visible only when using the “--mirror” option. This can lead to secrets being exposed via git repositories when not removed properly,…
- GitHub’s top blogs of 2024
Explore GitHub’s top blogs of 2024, featuring new tools, AI breakthroughs, and tips to level up your developer game. As 2024 wraps up, we’re revisiting the highlights of a year packed with innovation, learning, and community. From unlocking the power of AI…