Computer Weekly

GitHub targets vulnerable open source components

GitHub has introduced an automated alert mechanism to enable developers to address vulnerabilities in the open source components their code uses. According to GitHub, the new feature, called ...
Visual Studio Magazine

GitHub Copilot Security Study: 'Developers Should Remain Awake' in View of 40% Bad Code Rate

Researchers published a scholarly paper looking into security implications of GitHub Copilot, an advanced AI system now being used for code completion in Visual Studio Code and possibly headed for ...
Wired

GitHub Moves to Guard Open Source Against Supply Chain Attacks

Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...