GitHub Security (@GitHubSecurity) / Twitter

50 captures

20 Dec 2017 - 30 Sep 2025

Dec	JAN	Feb
	27
2021	2022	2023

success

fail

About this capture

COLLECTED BY

Collection: Save Page Now

TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20220127222632/https://twitter.com/GitHubSecurity

Follow GitHub Security

@GitHubSecurity

GitHub Security Team Everywhere software is builtgithub.com/securityJoined July 2013 133 Following 8,713 Followers Tweets Tweets & replies Media Likes

GitHub Security’s Tweets

GitHub Security

@GitHubSecurity

· 14m The next installment of @pwntester 's OWASP series is live! Learn to keep your database access secure with our deep dive into OWASP Proactive Control C3.

github.blog Thinking beyond SQL injection: OWASP tips for secure database access | The GitHub Blog When it comes to secure database access, there's more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.

GitHub Security

@GitHubSecurity

· Jan 26 GitHub is looking for a Junior Security Researcher to join our Security Lab team. As a member of the GitHub Security Lab you will make a direct impact on the security of the open source software the world depends on. boards.greenhouse.io/github/jobs/38#InfoSecJobs#Hiring#RemoteJob

boards.greenhouse.io Junior Security Researcher Remote - US

GitHub Security

@GitHubSecurity

· Jan 25 GitHub Mobile 2FA will be available to all GitHub users in the App Store and Play Store this week.

github.blog Secure your GitHub account with GitHub Mobile 2FA | The GitHub Blog GitHub continues to improve account security and developer experience with a new 2FA mechanism in GitHub Mobile on iOS and Android.

GitHub Security

@GitHubSecurity

· Jan 22 Another product update that should make your auditors go Happy Chris Pratt GIF by Parks and Recreation

GIF Quote Tweet

GitHub Changelog

@GHchangelog

· Jan 21

Additional fields when exporting user details github.blog/changelog/2022

GitHub Security

@GitHubSecurity

· Jan 20 Catch GitHub's own @gose1 on DevSecOps and closing the security gap with developers, tomorrow 11 AM ET ow.ly/222m50HybnF Quote Tweet

HackerOne

@Hacker0x01

· Jan 19

DevSecOps is a team sport. This Friday, join HackerOne’s @senorarrozand GitHub’s @gose1for an inside look at a tried and true DevSecOps program, and the critical role ethical hackers play. ow.ly/222m50HybnF

GitHub Security

@GitHubSecurity

· Jan 20 Audit log streaming is generally available for enterprise users! Quote Tweet

GitHub Changelog

@GHchangelog

· Jan 20

Audit log streaming is generally available github.blog/changelog/2022

Topics to follow

Carousel

Open source Cloud platforms Cloud computing Linux Computer programming Web development Machine learning Python Databases Internet of things Data science Microsoft Windows Microsoft Raspberry Pi Massachusetts Institute of Technology Android Smart technology Data visualization UX design Adobe Tim Cook PC building Augmented reality Arduino Telecom FinTech Women in tech Mobile development Wearable technology Tech industry

GitHub Security

@GitHubSecurity

· Jan 19 Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4 | The GitHub Blog

github.blog Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4 | The... We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.

GitHub Security Retweeted

theopenssf

@theopenssf

· Jan 19 . @theopenssf Scorecard V4 is out: 1M repos scanned, new Dangerous-Workflow check and a GitHub Action that integrates with GitHub code scanning dashboard! Read more on the blog: openssf.org/blog/2022/01/1

GitHub SecurityRetweeted

GitHub Changelog

@GHchangelog

· Jan 18 View code scanning alerts across an organization

github.blog View code scanning alerts across an organization | View code scanning alerts across an organization

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 18 GitHub’s SSH host keys are now published in the API

github.blog GitHub's SSH host keys are now published in the API | GitHub's SSH host keys are now published in the API

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 19 Secret scanning enterprise-level REST API

github.blog Secret scanning enterprise-level REST API | Secret scanning enterprise-level REST API

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 14 Updates to the Checks Data Retention Policy

github.blog Updates to the Checks Data Retention Policy | GitHub Changelog Updates to the Checks Data Retention Policy

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 14 GitHub Actions: Prevent GitHub Actions from approving pull requests

github.blog GitHub Actions: Prevent GitHub Actions from approving pull requests | GitHub Changelog GitHub Actions: Prevent GitHub Actions from approving pull requests

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 12 Security-focused improvements for npm

github.blog Security-focused improvements for npm | Security-focused improvements for npm

GitHub Security Retweeted

Mike Hanley

@_mph4

· Jan 13 The security of open source is critical to the security of all software. Today @storming and I are joining other industry leaders at the @WhiteHouse to share how we can tackle open source security together as a community. Read more on what we’re sharing:

github.blog The Open Source Software Security Summit: securing the world’s code together | The GitHub Blog My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.

110

GitHub Security Retweeted

npm

@npmjs

· Jan 12 we just shipped a number of security-focused improvements to npm including: - naming access tokens - enforcing 2FA in your npm orgs - improved auditing for 2FA adoption in orgs - selecting teams when adding new org members read more in our Changelog ⬇️

github.blog Security-focused improvements for npm | Security-focused improvements for npm

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 11 Git.io no longer accepts new URLs

github.blog Git.io no longer accepts new URLs | Git.io no longer accepts new URLs

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Jan 5 GitHub Enterprise Cloud Enterprise Owners Now Viewable at Organization Level

github.blog GitHub Enterprise Cloud Enterprise Owners Now Viewable at Organization Level | GitHub Enterprise Cloud Enterprise Owners Now Viewable at Organization Level

GitHub Security Retweeted

MinoritiesInCybersecurity

@MiCLeadership

· Dec 27, 2021 Less than one week left to apply for the #MiCLEADprogram sponsored by @TechAtBloomberg ! Only the first 50 applications will be considered. Only 15 selected! Apply here before the December 31st deadline: mincybsec.org/mic-lead

GitHub Security

@GitHubSecurity

· Dec 22, 2021 To all the Support and Security teams who've been working round the clock to surface answers and protect systems - we see you! A big thank you to our Supportocats, and others like them, who've been on the front line this week. Cartoon fist bump showing support. We've got this!

GIF

GitHub Security

@GitHubSecurity

· Dec 20, 2021 Part three (C2) of @pwntester 's OWASP Proactive Controls series is live!

github.blog How to leverage security frameworks and libraries for secure code | The GitHub Blog In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.

GitHub Security

@GitHubSecurity

· Dec 17, 2021 An update to GitHub’s response to Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 github.blog/2021-12-13-git Quote Tweet

GitHub Security

@GitHubSecurity

· Dec 13, 2021

GitHub’s response to the Log4j vulnerability: github.blog/2021-12-13-git

GitHub SecurityRetweeted

GitHub Changelog

@GHchangelog

· Dec 16, 2021 Advisory Database now includes an Unreviewed Advisories section

github.blog Advisory Database now includes an Unreviewed Advisories section | Advisory Database now includes an Unreviewed Advisories section

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Dec 13, 2021 Secret scanning permissions can now be configured as part of custom repository roles

github.blog Secret scanning permissions can now be configured as part of custom repository roles | GitHub... Secret scanning permissions can now be configured as part of custom repository roles

GitHub Security Retweeted

GitHub Security Lab

@GHSecurityLab

· Dec 14, 2021 Learn how to define robust project security requirements in the new installment of our OWASP proactive controls series

github.blog How to define security requirements for your OSS project | The GitHub Blog Defining your security requirements is the most important proactive control you can implement for your project. Here's how.

GitHub Security

@GitHubSecurity

· Dec 14, 2021 As security teams globally work to assess Log4j exposure and patch, GitHub’s Dependabot can help by quickly identifying explicit vulnerable dependencies.

github.blog Using GitHub’s security features to help identify Log4j exposure in your codebase | The GitHub Blog Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repos.

GitHub Security

@GitHubSecurity

· Dec 13, 2021 GitHub’s response to the Log4j vulnerability:

github.blog GitHub’s response to Log4j vulnerability CVE-2021-44228 | The GitHub Blog On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Dec 8, 2021 Audit log streaming beta update – Google Cloud Storage support

github.blog Audit log streaming beta update – Google Cloud Storage support | GitHub Enterprise Cloud customers participating in the audit log streaming public beta may now use Google Cloud Storage when configuring a stream. This will allow tools that support Google Cloud...

GitHub Security Retweeted

Mike Hanley

@_mph4

· Dec 7, 2021 In order to better protect the software supply chain, npm registry, and broader JavaScript ecosystem, we're starting the process of requiring 2FA on npm. You can learn more about next steps here: github.blog/2021-12-07-enr Quote Tweet

npm

@npmjs

· Dec 7, 2021

continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement github.blog/2021-12-07-enr Show this thread

GitHub Security Retweeted

npm

@npmjs

· Dec 7, 2021 continuing our commitment to npm security with the introduction of new enhanced login verification and timeline for two-factor authentication enforcement

github.blog Enrolling all npm publishers in enhanced login verification and next steps for two-factor authent... Today we're introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.

169

Show this thread GitHub Security Retweeted

GitHub Security Lab

@GHSecurityLab

· Dec 6, 2021 Shift left with our deep dive into the OWASP Proactive Controls Top 10

github.blog Write more secure code with the OWASP Top 10 Proactive Controls | The GitHub Blog This lesser-known OWASP project aims to help developers prevent vulnerabilities from being introduced in the first place.

116

GitHub Security

@GitHubSecurity

· Dec 6, 2021 Today, we’re happy to announce that we have integrated sigstore support for container image signing into the GitHub Actions starter workflow, so that developers can sign their container images by default.

github.blog Safeguard your containers with new container signing capability in GitHub Actions | The GitHub Blog GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow, giving your users confidence that the container images...

GitHub Security Retweeted

GitHub Changelog

@GHchangelog

· Dec 3, 2021 Typeform is now a GitHub secret scanning partner

github.blog Typeform is now a GitHub secret scanning partner | GitHub Changelog Tyepform is now a GitHub secret scanning partner

GitHub Security

@GitHubSecurity

· Dec 4, 2021 Mona the Octocat approves! Quote Tweet

Shay

@redshoefoto

· Dec 2, 2021

GitHub Security

@GitHubSecurity

· Dec 2, 2021 Security controls, like swords, should only be as heavy as they need to be to provide strength. Configurable timeouts, working FOR the workflows they are trying to protect, are a good thing. Quote Tweet

GitHub Changelog

@GHchangelog

· Dec 2, 2021

Codespaces now have a configurable idle timeout github.blog/changelog/2021

GitHub Security

@GitHubSecurity

· Dec 2, 2021 Security is more fun with a team, won't you join us? We're hiring! Check out our current open roles with more coming soon! github.com/about/careers#InfoSecJobs#Hiring Screen grab of https://github.com/about/careers and the 11 openings currently listed.

Screen grab of https://github.com/about/careers and the 11 openings currently listed.

GitHub SecurityRetweeted

GitHub Changelog

@GHchangelog

· Dec 1, 2021 Secret scanning REST API now surfaces locations

github.blog Secret scanning REST API now surfaces locations | Secret scanning REST API now surfaces locations

GitHub Security

@GitHubSecurity

· Dec 1, 2021 GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on. securitylab.github.comboards.greenhouse.io/github/jobs/36#OneSecurityTeam#InfoSecJobs#Hiring

boards.greenhouse.io GitHub

GitHub Security Retweeted

Joseph Katsioloudes

@jkcso

· Dec 1, 2021 This Friday ⁦ @ALAColombia and I will interview 4 super-talented security professionals about their approach to SAST.⁩ Specifically, the team of MercadoLibre, LATAM’s leading marketplace with 132M active users! 🇦🇷🇦🇷🇦🇷

linkedin.com Securing LATAM’s leading marketplace with CodeQL | LinkedIn Mercado Libre (NASDAQ: MELI) is Latin America’s leading e-commerce platform, and LATAM's most valuable company by market capitalization. This Friday, join us to meet Mercado Libre’s SAST (Static...