GitHub Security Lab

3 posts

Cybersecurity researchers: Digital detectives in a connected world (originally published on The GitHub Blog)

Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.

Nancy Gariché, 1/29/2025

Attacks on Maven proxy repositories (originally published on The GitHub Blog)

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of locally cached artifacts in Sonatype Nexus and JFrog Artifactory.

Michael Stepankin, 1/22/2025

How to secure your GitHub Actions workflows with CodeQL (originally published on The GitHub Blog)

In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, so you can use it to secure your own.

Alvaro Munoz, 1/9/2025