Security News

Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21.

This morning, GitHub's pristine layout vanished off of the repository, in what looks like a miss on the company's part in renewing an SSL certificate. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub.

GitHub has issued a warning that accounts could be banned if they continue to upload content that was removed due to DMCA takedown notices. On October 23rd, 2020, GitHub removed the source code repositories for the popular video download tool called YouTube-dl after the Recording Industry Association of America, Inc. filed a DMCA infringement notice.

Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool's source code after GitHub took down the project's repositories on Friday. On October 23, 2020, GitHub took down YouTube-dl's repositories due to a DMCA infringement notice filed by Recording Industry Association of America, an organization that represents the recording industry in the U.S. Before being removed, YouTube-dl's repo was in the top 40 most starred GitHub repositories with more than 72,000 stars, between Node.js and Kubernetes.

The Recording Industry Association of America, Inc. has taken down YouTube-dl's GitHub repositories using a DMCA takedown notice. Today, the RIAA took down the YouTube-dl GitHub repositories by filing a DMCA infringement notice with GitHub.

A security researcher says he has earned $20,000 for a high-severity GitHub Enterprise vulnerability that might have allowed an attacker to execute arbitrary commands. GitHub Enterprise, the on-premises version of GitHub.com, is designed to make it easier for large enterprise software development teams to collaborate.

"So much of the world's development happens on GitHub that security is not just an opportunity for us, but our responsibility. To secure software at scale, we need to make a base-level impact that can drive the most change; and that starts with the code," Grey Baker, GitHub's Senior Director of Product Management, told Help Net Security. The engine can analyze code written in C, C++, C#, Java, JavaScript, TypeScript, Python and Go, but since the Code Scanning feature built on the open SARIF standard, it can also work with third-party analysis engines available from the GitHub Marketplace.

DefenseCode Group has announced that DefenseCode's Static Application Security Testing ThunderScan solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability reports integrated into GitHub. Coinciding with the launch of code scanning, DefenseCode Group has released a GitHub Action for the ThunderScan SAST solution.

Checkmarx announced a new GitHub Action to bring comprehensive, automated static and open source security testing to developers. Checkmarx's new GitHub Action integrates the company's application security testing solutions - Checkmarx SAST and Checkmarx SCA - directly with GitHub code scanning, giving developers more flexibility and power to work with their preferred tools of choice to secure proprietary and open source code.

GitHub on Wednesday announced that its code scanning feature, which is designed to enable developers to easily identify vulnerabilities in their products before they reach production, is generally available. The code scanning feature was unveiled in May, but at the time it was still in beta.