Maintainers Archives
…Latest Securing the AI software supply chain: Security results across 67 open source projects Learn how The GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems…
…CVE GHES Written by Alexis Wales is the Chief Information Security Officer of GitHub. She leads a team of security experts focused on safeguarding the GitHub platform, products and the open source…
…secure GitHub Actions patterns (with Copilot as a trusty sidekick) that helped teams speed up workflows while keeping security front and center. Dream it in the morning, build it in the afternoon…
…deterministic How to build the “Trust Layer” for GitHub Copilot Coding Agents without brittle scripts or black-box judgements by using dominator analysis. Under the hood: Security architecture of GitHub Agentic Workflows…
…CVE CVSS CWE Dependabot EPSS GitHub Security Lab malware vulnerability Written by Security Analyst, curator of the GitHub Advisory Database, and one of the members of the Security Lab responsible for issuing…
…You can then reference this claim in your cloud provider’s trust policy to control access based on repository attributes. No static allow lists or per-repository workflow changes required. To learn…
…Enterprise security teams have a predictable, trustworthy domain to allowlist. Automation scripts and integrations are not disrupted by domain changes. For more information, see the Copilot allowlist reference. Join the discussion within…
…This framework for the Trust Layer provides: Efficient learning: Automatic derivation of ground truth from passing examples. Operational robustness: Secure handling of non-deterministic behavior and environmental noise. Total transparency: Explainable results…
…Mentoring new contributors, building trust across a community, making the judgement calls that shape a project’s direction: that’s the work that turns a repository into a living collaboration. And with…
…Clarity and security: Commands like /add-dir and /list-dirs give clear boundaries for file access and create an auditable trail, which is essential for teams working in sensitive environments. This eliminates…