CISA sounds alarm on critical GitLab flaw under active exploit

The US Cybersecurity and Infrastructure Security Agency (CISA) has labelled a critical vulnerability affecting the popular Git-based repository manager GitLab as a Known Exploited Vulnerability (KEV). The move comes in response to active exploitation attempts detected in the wild, underscoring the urgency for organisations to promptly apply security updates.

Tracked as CVE-2023-7028, the severe flaw (CVSS score: 10.0) could enable adversaries to take over user accounts by sending...

GitHub’s 2FA rollout boosts supply chain security

In a push to enhance the security of the software supply chain, GitHub has successfully rolled out mandatory two-factor authentication (2FA) for code contributors on its platform.

GitHub’s 2FA rollout – announced in May 2022 – aimed to address the critical first link in the software supply chain by securing the developers responsible for designing, building, and maintaining the software we all rely on.

The results are in

After a year of meticulous preparation,...

GitHub enables secret scanning push protection by default

In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches.

Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming figures underscore the pressing need for robust safeguards to protect users and their data.

Since August...

GitHub suffers from over 100K infected repos

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code.

This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised.

Similar to dependency confusion attacks – which exploit package managers – repo confusion attacks rely on human error,...

GitHub rotates credentials following vulnerability discovery

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday.

The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it had been exploited in attacks, GitHub moved swiftly to rotate potentially exposed keys the same day as a...

GitHub opens Copilot Chat to all developers

GitHub has announced that Copilot Chat is now available to all developers, ushering in a new era of AI-powered software development.

Copilot Chat was launched for ‘Business’ users in July. The AI assistant is capable of assisting developers in their preferred natural language and promises to reduce repetitive tasks.

Developers can use the assistant to explore new languages or frameworks, troubleshoot bugs, or seek answers to coding questions, all while remaining...

Mathew Payne, GitHub: Protecting code while nurturing user experience

Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience.

At the heart of GitHub's security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on securing the code created by both users and developers.

“The first thing that we focus on at GitHub is the security...

GitHub introduces passwordless authentication

GitHub is introducing passwordless authentication to enhance account security and provide a more seamless user experience.

Passkeys are touted as offering a secure and easy-to-use method of protecting user accounts, with the aim of eliminating password-based breaches altogether. Unlike conventional security measures, passkeys offer improved security by combining two-factor authentication (2FA) with enhanced user verification.

Passkeys require something the user is or...

GitHub releases Blackbird code search engine

GitHub has released its reworked code search engine, Blackbird, which is built on Rust and promises faster and more comprehensive software repository exploration.

This revision, which has been in development for three years, is part of GitHub's efforts to enhance text-based search techniques for code queries.

With Blackbird, developers can quickly search, navigate, and comprehend their code, contextualize critical information and ultimately increase productivity. Colin...

GitHub now serves over 100M developers

GitHub has achieved its goal to serve 100 million developers with two years to spare.

In 2019, GitHub set a goal to have 100 million developers using the service by 2025. In a blog post, GitHub announced that it’s already reached that historic milestone.

GitHub CEO Thomas Dohmke wrote:

“Today, I’m excited to share that there are now officially more than 100 million developers using GitHub to build, maintain, and contribute to software...