#ghas — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ghas, aggregated by home.social.
-
Very nice explanation from GitHub on how to cut through the noise: How to prioritize Dependabot alerts https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
-
Massive improvement that we’ve been waiting for!
Dependabot helps users focus on the most important alerts by including EPSS scores that indicate likelihood of exploitation, now generally available - GitHub Changelog https://github.blog/changelog/2025-02-19-dependabot-helps-users-focus-on-the-most-important-alerts-by-including-epss-scores-that-indicate-likelihood-of-exploitation-now-generally-available/
-
Code security configurations are now GA https://github.blog/changelog/2024-07-10-code-security-configurations-are-now-ga
I wrote about how much easier it is and how it helps with the rollout of #GHAS here: https://devopsjournal.io/blog/2024/04/27/GHAS-code-security-configuration
-
CodeQL can scan C# projects without requiring working builds (public beta). This will make it a lot easier when rolling out CodeQL initially! Now you can run a scan on your entire organization to see what you don’t know, and define a strategy based on the results! It saves time since you do not have to go on a team by team basis to enable them with a custom build config to get the information out of code scanning.
-
This is awesome! Ran into this today during a training and loved it! So much more intuitive and thus very useful ❤️ #GitHub #GHAS
Advanced filtering capabilities for the security overview dashboard https://github.blog/changelog/2024-04-04-advanced-filtering-capabilities-for-the-security-overview-dashboard
-
The #GHAS team keeps on adding helpful tools to manage Advanced Security better! Code security configurations let organizations easily roll out GitHub security products at scale - The GitHub Blog https://github.blog/changelog/2024-04-02-code-security-configurations-let-organizations-easily-roll-out-github-security-products-at-scale/
-
More welcome updates for #GHAS users (GitHub Advanced Security)!
Security overview dashboard: Alert age trends, custom repository and severity filters, and date pickers https://github.blog/changelog/2024-03-20-security-overview-dashboard-alert-age-trends-custom-repository-and-severity-filters-and-date-pickers
-
Interesting read on the Mercedes secret and thus repo access leak: https://www.reversinglabs.com/blog/lessons-from-the-mercedes-benz-github-source-code-leak
TL;DR: access token in personal repo accidentally uploaded. The PAT had access to all internal orgs and repos as well.
So even if the company has configured things like #GHAS on their own things, the personal token still leaked with all the consequences.
So no real way to prevent this. SSO and approval might work, but in the end: still the same result.
-
📢 Version 1.2.3 of the GHAS Reporting Tool is out - a Python script to fetch GitHub Advanced Security alerts.
Bug Fixes
- Update requirements.txt to resolve vulnerabilities in script dependencies
-
The #GitHub Advanced Security for Azure DevOps Extension now has new functionality:
- Overall project level dashboard to group info across repos (this is a much needed one!)
- Includes a longer trendline as well
- New trendline showing the status of the alerts, to track progress
Find it in the marketplace: GHAzDoWidget
Feedback welcome!
-
I’ve got some really cool work news!
I recently joined a brand new team that is focused on improving the way licensing works. This includes :github: Enterprise Cloud, :github: Enterprise Server, :github: Copilot for Business and :github: Advanced Security
Let me know if you have any licensing feedback or woes!
-
In this video I explain the why behind GitHub Advanced Security and show you its features through a sample project. You'll learn security while you develop!
https://youtu.be/51MSd7vhQjY
#devsecops #github #githubadvancedsecurity #ghas
@github
@ghsecuritylab
-
📢 Version 1.2.1 of the GHAS Reporting Tool is out - a Python script to fetch GitHub Advanced Security alerts.
New Features in this release:
Minor bug fixes
- Change alert count behaviour - Alert counts now only show alert counts for selected scan types, or all if no scan types are specified
- Fix command line option behaviour. The script now exits if alert type "--all" is specified together with additional alert type parameter(s)
- Update requirements.txt to resolve 2 vulnerabilities in the cryptography and requests library.
-
I’ve got a layover in Copenhagen on my way to goto; Aarhus to talk about GitHub Advanced Security (GHAS) and noticed that Microsoft announced GHAS for Azure DevOps!
Want to learn all about it? Then read my post on it, hot off the press!
https://devopsjournal.io/blog/2023/05/23/GitHub-Advanced-Security-Azure-DevOps
-
Yeah!!! Certification record 30/30! 😲 View my verified achievement from @github. #GitHub #GHAS #Security https://www.credly.com/badges/d5e33f40-80d4-4190-866c-b974398fb39e/twitter?t=rti8y8
-
📢 Version 1.2.0 of the GHAS Reporting Tool is out - a Python script to fetch GitHub Advanced Security alerts.
New Features in this release:
Write reports to an Excel file with multiple worksheets, making it easier to organize and manage large amounts of security alert data.
Option to set preferred table style colour for Excel output, with support for "grey", "blue", "green", "rose", "purple", "aqua", and "orange" colours.
-
Did you know that you can now enable #GitHub Advanced Security features for all your personal repositories in one go? Go to https://github.com/settings/security_analysis to enable them!
Want to learn more about GitHub Advanced Security? Check out my LinkedIn Learning course on it! https://www.linkedin.com/learning/github-advanced-security/github-advanced-security?autoplay=true
-
🚀 GHAS Reporting Tool v1.0.0 - Initial Release! A Python script to fetch GitHub Advanced Security (GHAS) alerts and generate reports in CSV and JSON formats. Download the release and check the README for setup details https://github.com/rhe8502/ghas_report/releases/tag/v1.0.0 #GitHub #NewRelease #GHAS #AppSec #InfoSec