Greg Ose

🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. github.blog/changelog/2024…

We’ve launched our secret scanning alert experience for free for all public repositories. You can now proactively detect any leaked secrets that may be exposed in your code and have remediation recommendations – all within the GitHub UI. github.blog/2022-12-15-lea…

Secret scanning is now available for free on public repositories github.blog/changelog/2022…

NEW Security Feature: 🎉 PRIVATE VULNERABILITY REPORTING 🎉

Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!

Are you attending @ekoparty ? Go stop by the @GitHubSecurity booth and say hello to @s2jeff_gh from our Bounty Team.

My first blog post at GitHub! We have been hard at work upgrading our encryption strategy to ActiveRecord::Encryption. Keep an eye out because next week we will detail how we migrated previously encrypted data to the new standard and how you can too!

@BriansAngles @patricktoomey 🙌

.@patricktoomey @gose1 Fine grained personal access tokens 😍 Was just about to tweet at you and GitHub begging for that, crazy it seems like it launched today?

GitHub has learned of a phishing campaign targeting GitHub users by impersonating CircleCI to harvest user credentials and two-factor codes. Read more about our response and how to protect your accounts from phishing attacks. github.blog/2022-09-21-sec…

@corywilkerson The Source by Ayreon

Name me a record you’re convinced is a masterpiece — but you’re equally convinced no one here will believe you or care. I’ll listen!

GitHub's Bug Bounty team just hit 1000 reports resolved! ✨🎉✨🎉✨🎉

Incredibly excited to see Entitlements open sourced for identity and access management on GitHub! Bravo @mrsbworth @rickbradley and @notmailman! 👏🎉👏🎉 github.blog/2022-06-09-int…

📚 tl;dr sec 135 * @BSidesSF this weekend! * @google Cloud forensics utils * @thejillboss, @thedawgyg Running bug bounty programs * @chainguard_dev Supply chain security reading list * @DanielMiessler Newsletter analysis * @0x00C651E0 RCE in Rails apps tldrsec.com/blog/tldr-sec-…

Looking to rollout Dependabot for your enterprise? Check out how GitHub's security team uses Dependabot internally. github.blog/2022-05-25-how…

Join the security teams @twilio @netflix and @github for an exciting virtual event Apr 28 3:00pm-5:00pm PDT to discuss Scaling AppSec with your Application Security practitioner colleagues! scalingsecurityappsec.splashthat.com

@james_s_white Was great working with you all these years James! Enjoy your time off!

After 8.25 years, today is my last day at GitHub. I started as employee #252 and ended as the #49th most tenured hubber. It has been a privilege to have worked with such talented people.

@ElSec_ @Hacker0x01 @GitHubSecurity Thanks for your contribution to the program and to the security of npm. Looking forward to your next submission!

I have published a blog post on my first bug bounty report on @Hacker0x01. I discovered a logic flaw in npm's URL routing: elinfosec.com/2022/my-first-…. Thank you, @GitHubSecurity, for the fast response time and professional triaging process.