Yesterday at #GitHubUniverse, we announced that open source repo maintainers can now receive (and remediate) private vulnerability reports from security researchers directly on GitHub. Today, we’ve got lots more security tips to keep your code safe from bad actors. 👇
Conversation
This talk isn’t just about vulnerabilities. It’s about how to fix them at scale. If you’re part of a growing organization and are concerned about security (which you should be!), you’ll want to hear this.
1
5
16
Security tooling is important but good communication between open source maintainers and security researchers is essential. Here’s why:
1
2
17
The registry is the heart of the JavaScript ecosystem. In this talk, you’ll hear about the steps GitHub has taken to secure this important part of the software supply chain.
1
5
14
What’s the best way to verify that a new language in a SAST tool works properly? Use it on real projects. See what Software Engineer Tony Torralba discovered when he tested the Kotlin language in GitHub code scanning.
Replying to
Want to learn how security has changed as organizations move from remote to hybrid work models? Join this chat with GitHub CSO and SVP of Engineering, , and a panel of CISOs.
7
12
