Security News
Datadog announced the Datadog Vulnerability Analysis GitHub Action, Datadog's first action listed on the GitHub Marketplace. GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow.
Developers often need years to address some of the vulnerabilities introduced in their software, a new GitHub report reveals. The report, which is based on the analysis of more than 45,000 active repositories, shows that it typically takes 7 years to address vulnerabilities in Ruby, while those in npm are usually patched in five years.
Today, GitHub shared more info regarding why YouTube-dl was kicked off the platform and about why GitHub handled this situation the way it did. "Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot," GitHub's Director of Platform Policy Abby Vollmer said.
A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities, therefore the moniker.
GitHub's CEO has denied that the site's source code was posted to GitHub. News of the supposed leak and posting came from a site called Resynth that linked to a Wayback Machine snapshot of a GitHub repo that purported to be the work of GitHub CEO Nat Friedman and was labelled "This is GitHub.com and GitHub Enterprise."
Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21.
This morning, GitHub's pristine layout vanished off of the repository, in what looks like a miss on the company's part in renewing an SSL certificate. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub.
GitHub has issued a warning that accounts could be banned if they continue to upload content that was removed due to DMCA takedown notices. On October 23rd, 2020, GitHub removed the source code repositories for the popular video download tool called YouTube-dl after the Recording Industry Association of America, Inc. filed a DMCA infringement notice.
Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool's source code after GitHub took down the project's repositories on Friday. On October 23, 2020, GitHub took down YouTube-dl's repositories due to a DMCA infringement notice filed by Recording Industry Association of America, an organization that represents the recording industry in the U.S. Before being removed, YouTube-dl's repo was in the top 40 most starred GitHub repositories with more than 72,000 stars, between Node.js and Kubernetes.
The Recording Industry Association of America, Inc. has taken down YouTube-dl's GitHub repositories using a DMCA takedown notice. Today, the RIAA took down the YouTube-dl GitHub repositories by filing a DMCA infringement notice with GitHub.