Build what's next on GitHub, the place for anyone from anywhere to build anything.
Join us October 28-29 in San Francisco or online for GitHub Universe, our flagship developer event uniting people, agents, and the world's code.
Explore secure coding practices and secure software design principles to incorporate advanced security features like encryption, authentication, and authorization. With practical strategies and techniques to secure applications throughout the development lifecycle, you can learn about emerging trends such as generative AI and machine learning.
The new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost.
CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
Security should be native to your workflow, not a painful separate process.
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.
