🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. https://t.co/542bHeot0b

We’ve launched our secret scanning alert experience for free for all public repositories. You can now proactively detect any leaked secrets that may be exposed in your code and have remediation recommendations – all within the GitHub UI.

Secret scanning is now available for free on public repositories

NEW Security Feature: 🎉 PRIVATE VULNERABILITY REPORTING 🎉

Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!

Are you attending @ekoparty ? Go stop by the @GitHubSecurity booth and say hello to @s2jeff_gh from our Bounty Team.

My first blog post at GitHub! We have been hard at work upgrading our encryption strategy to ActiveRecord::Encryption. Keep an eye out because next week we will detail how we migrated previously encrypted data to the new standard and how you can too!

GitHub has learned of a phishing campaign targeting GitHub users by impersonating CircleCI to harvest user credentials and two-factor codes. Read more about our response and how to protect your accounts from phishing attacks.

GitHub's Bug Bounty team just hit 1000 reports resolved! ✨🎉✨🎉✨🎉

Incredibly excited to see Entitlements open sourced for identity and access management on GitHub! Bravo @mrsbworth @rickbradley and @notmailman! 👏🎉👏🎉

📚 tl;dr sec 135 * @BSidesSF this weekend! * @google Cloud forensics utils * @thejillboss, @thedawgyg Running bug bounty programs * @chainguard_dev Supply chain security reading list * @DanielMiessler Newsletter analysis * @0x00C651E0 RCE in Rails apps https://t.co/lPaTuxU7Z6

Looking to rollout Dependabot for your enterprise? Check out how GitHub's security team uses Dependabot internally.

Join the security teams @twilio @netflix and @github for an exciting virtual event Apr 28 3:00pm-5:00pm PDT to discuss Scaling AppSec with your Application Security practitioner colleagues!

What good is a security system that hasn't been tested? Come help GitHub test our security systems! Our red team is expanding with room for Senior and Junior roles. https://t.co/67hdFjbsED

DevSecOps is a team sport. This Friday, join HackerOne’s @senorarroz and GitHub’s @gose1 for an inside look at a tried and true DevSecOps program, and the critical role ethical hackers play. https://t.co/8WR7PuyF7V

I'm hiring a Communications and Education Manager to help engage GitHubbers and the GitHub community around all things #infosec. If you have a passion for internal comms, executive comms, or security awareness training I encourage you to apply. DMs open.