https://www.aikido.dev/blog/github-actions-incident-shai-hulud-supply-chain-attack
Shai Hulud threat actors are leveraging GitHub Actions vulnerabilities in an ongoing exploitation campaign. Discover the impact and recommended security...
https://github.com/security/advanced-security/software-supply-chain
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
https://github.blog/ai-and-ml/llms/how-ai-enhances-static-application-security-testing-sast/
May 9, 2024 - Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.
https://github.blog/engineering/platform-security/
The software supply chain starts with the developer. To make sure that GitHub, the home of open source, can help defend the entire ecosystem against supply...
https://github.com/opengrep/opengrep?cmid=a29efca8-b7a8-4019-ba14-88ee4d0b423f
🔎 Static code analysis engine to find security issues in code. - opengrep/opengrep
https://github.blog/engineering/platform-security/fixing-security-vulnerabilities-with-ai/
Apr 7, 2025 - A peek under the hood of GitHub Advanced Security code scanning autofix.
https://github.blog/news-insights/the-library/github-infocus-code-security-devsecops/
Feb 4, 2022 - Hosts Nigel, Pierluigi, and Shawn share what to expect from Security Week at InFocus, from using open source securely to achieving DevSecOps.
https://blackduck.skilljar.com/polaris-using-the-black-duck-security-scan-action-for-github
This micro-course describes how to use our Security Scan Action for GitHub with Polaris, allowing you to easily integrate security testing into your CI pipeline.
https://github.blog/open-source/maintainers/securing-the-ai-software-supply-chain-security-results-across-67-open-source-projects/
Feb 17, 2026 - The GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.
https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/
Jan 20, 2026 - Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
https://github.blog/changelog/2019-11-14-security-lab/
Mar 22, 2025 - GitHub Security Lab, launched at GitHub Universe 2019, is a new GitHub initiative whose mission is to inspire and enable the community to secure the open...
https://github.blog/news-insights/product-news/raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
Dec 14, 2022 - GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more...
https://www.zaproxy.org/blog/2020-05-15-dynamic-application-security-testing-with-zap-and-github-actions/
How the ZAP full scan and GitHub Actions can help automate security testing.
https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-new-security-challenge/
May 5, 2025 - This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
https://github.blog/changelog/2025-10-10-strengthening-npm-security-important-changes-to-authentication-and-token-management/
Sep 30, 2025 - As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our recent...
https://github.blog/engineering/platform-security/security-keys-supported-ssh-git-operations/
Aug 18, 2021 - You can now use FIDO2 security keys to authenticate over SSH for remote Git operations, providing a higher level of account security.
https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
https://github.com/akto-api-security/akto
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data...
https://github.blog/news-insights/company-news/software-security-starts-with-the-developer-securing-developer-accounts-with-2fa/
May 6, 2022 - GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
Oct 22, 2025 - For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—@dev-bio!
https://github.com/gatsbyjs/gatsby
The best React-based framework with performance, scalability and security built in. - gatsbyjs/gatsby
https://github.blog/security/supply-chain-security/the-second-half-of-software-supply-chain-security-on-github/
Oct 8, 2024 - Learn about a community-developed framework for how to think about this problem holistically and how to use GitHub, particularly, to improve the security in...
https://github.blog/security/supply-chain-security/page/2/
In today’s interconnected development environment, a single vulnerability in any component of the supply chain poses a threat. Find out how GitHub’s...
https://github.blog/security/application-security/how-were-making-security-easier-for-the-average-developer/
Apr 10, 2025 - Security should be native to your workflow, not a painful separate process. Here's how we can help you prioritize and remediate problems.
https://www.legitsecurity.com/legitify
Sep 9, 2025 - Legitify is an open-source security tool for GitHub or GitLab users to automatically discover insecure configurations.
https://github.com/arkenfox/user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening - arkenfox/user.js
https://github.blog/enterprise-software/devsecops/enhance-build-security-and-reach-slsa-level-3-with-github-artifact-attestations/
Dec 20, 2024 - Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of...
https://github.blog/security/ai-supported-vulnerability-triage-with-the-github-security-lab-taskflow-agent/
Jan 20, 2026 - Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities.
https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security...