GitHub rolls out AI-powered fixes for code vulnerabilities
GitHub introduced Copilot Autofix in production on August 14. “Copilot Autofix analyzes vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found,” GitHub said in the announcement. GHAS customers on GitHub Enterprise Cloud already have Copilot Autofix included in their subscription. GitHub has enabled Copilot Autofix by default for these customers in their GHAS code scanning settings. Beginning in September, Copilot Autofix will be offered for free in pull requests to open source projects. #github #AI #copilot
GenAI Consulting’s Post
More Relevant Posts
-
For this third article in our series on exploiting #GitHub Actions, ☀️ Hugo Vincent explains 3 common configuration errors that can be encountered on public GitHub repositories using GitHub Actions. Each technique is illustrated by a real-life example we found on popular repositories such as Azure, Firebase, Swagger and Alibaba. If exploited by a malicious actor, they could lead to leaks of sensitive secrets or even arbitrary code push in some cases. The good news is you can detect them with octoscan (https://lnkd.in/gD-KqHmy), our static vulnerability scanner for GitHub Actions. https://lnkd.in/g8DejgcY
-
A mishandled GitHub token granted unrestricted access to Mercedes-Benz AG's internal GitHub Enterprise Service, exposing sensitive source code to the public. Discovered on September 29, 2023, by RedHunt Labs, the incident revealed critical internal information, including database connection strings, cloud access keys, blueprints, design documents, SSO passwords, and API keys. The exposure of such data can have severe consequences, as outlined by the researchers. Read more below and here 👉: https://lnkd.in/dwep68JM #github #mercedesbenz #databreach #automotive
A mishandled GitHub token exposed Mercedes-Benz source code
bleepingcomputer.com
-
ArtiPACKED: GITHUB_TOKENs leaked in GitHub Actions Artifacts. Researchers uncovered a critical vulnerability in GitHub Actions that could allow attackers to compromise high-profile open source projects and potentially access cloud environments. The issue involves workflow artifacts inadvertently leaking sensitive tokens and credentials. The vulnerability stems from a race condition where attackers can download artifacts and extract tokens before expiration, potentially enabling unauthorized code pushes. Many popular open source projects from major tech companies were affected, including widely-used tools impacting millions of users. As a proof-of-concept, researchers created unauthorized branches in several major repositories. I've encountered this behavior accidentally before; there's definitely potential to leverage this for nefarious things. Pay extra attention to any GitHub Actions workflows that involve cloning repos and use "persist-credentials: true" https://lnkd.in/g_Nvrv8q
-
Just finished the course “GitHub Administration Cert Prep: 6 Manage Actions” by Noah Gift! Check it out: https://lnkd.in/eqkEffG8 #systemadministration #github.
Certificate of Completion
linkedin.com
-
We just launched Ubicloud hosted Arm runners for GitHub Actions. These runners bring a 100x price/performance benefit over GitHub's default runners when you’re building & testing for arm64. https://lnkd.in/epk9-ac9 We put together a blog post that shows these numbers; and also talks about other topics such as ease of use and security on GitHub runners. My favorite part of the blog post is what our customers are saying. As Wilkins Chung, the CEO of Manifold puts it, "ARM based builds have always been a pain on GitHub. The need to use workaround images and the additional time it took to run these images kept hurting. Ubicloud's ARM runners solved these issues with a one-line change and we're way more productive because of it!” #github #githubactions #arm #ubicloud
Ubicloud Hosted Arm Runners, 100x better price/performance
ubicloud.com
-
The speedup of not having to emulate makes it a satisfying and practical device to have contributed to. I also expect it to have great economy on portable, parallelized workloads: two arm64 vcpus = two cores, two x64 vcpus is almost always only one core because of SMT.
-
📣 Let’s start this summer week by spending ~7 minutes for the common good! No matter how boring they might seem, surveys _are_ essential! Recently, Cloud Native Computing Foundation (CNCF) and The Linux Foundation Research have launched the “Kubernetes Turns 10” survey to understand the impact of #Kubernetes. To participate, you’ll need to share your views on Kubernetes, its evolution, and its visible impact. You will not only contribute to creating a helpful report about Kubernetes but will also get a 30% discount on any LF e-learning training course or certification exam 👍 Find it here and share it with your colleagues: https://lnkd.in/gv774gEj
Kubernetes Turns 10 Survey
research.net
-
We now have a 100x price-performance gain vs default GitHub runners when using Ubicloud's managed runners for Arm. The best part of it is, you can see it for yourself in less than 5 minutes, with just a few lines of change in your GitHub Actions workflow file. 10x here comes in the form of cloud cost savings. The other 10x from performance gains using native Arm processors on Ubicloud. My cofounder Ozgun Erdogan’s blog post has all the details. We are excited to make the cloud less expensive and more friendly — let us know what you think.
-
I work at GitHub, a Microsoft company. No cold contacts please. If I don't know you, I will probably not add you, sorry
GitHub’s new ✨ push rules let you restrict paths, file names, path lengths and file sizes 🐘 for your repos. What could you do with a global 🌐 .gitignore?

This is a win 🏆 for security 🛡️ - you could make an org wide rule to block names such as:
*.env *secret*.y*ml passwords.txt 🫠 id_rsa id_ed25519 *.pem *.der *.key *.crt *.cer *.p7b *.p7s *.pfx *.p12 … and so on

You might want to commit test keys and certs, so these are just examples, not a definitive list.

Want to only allow some roles, teams or apps to push to .github/workflows to protect the integrity of your CI? You can do that.

Don’t want documents mixed with code? Ban the file names:
*.pptx *.xlsx *.docx … and so on

Share your favourite banned file names! 👇

They’re not available for public repos. If you’ve got views on that or any other feedback then share those here: https://lnkd.in/e4afz6MJ

How will you use push rules? #GitHub #BranchProtection #AppSec #DevSecOps #DevOps
Push rules public beta
https://github.blog
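As an added illustration of the org-wide rule described in the post above (example code written for this page, not GitHub's push-rule implementation), the check below evaluates a proposed push against the quoted file-name blocklist and a restricted `.github/workflows/` path; the team name `ci-admins` and the sample paths are constructed assumptions.

```python
import fnmatch
import posixpath

# Illustrative blocklist built from the file-name patterns quoted in the post
# (constructed example, not GitHub's own rule set; trim it if you genuinely
# need to commit test keys or certs, as the post notes).
BLOCKED_NAME_PATTERNS = [
    "*.env", "*secret*.y*ml", "passwords.txt", "id_rsa", "id_ed25519",
    "*.pem", "*.der", "*.key", "*.crt", "*.cer", "*.p7b", "*.p7s",
    "*.pfx", "*.p12",
]

# Paths under this prefix may only be pushed by members of an allowed team
# (mirrors the "protect .github/workflows" rule; the team slug is assumed).
RESTRICTED_PREFIX = ".github/workflows/"
WORKFLOW_PUSHER_TEAMS = {"ci-admins"}


def blocked_pattern(path):
    """Return the first blocklist pattern matching the file's base name, else None."""
    name = posixpath.basename(path)
    for pattern in BLOCKED_NAME_PATTERNS:
        if fnmatch.fnmatchcase(name, pattern):
            return pattern
    return None


def check_push(paths, pusher_teams):
    """Evaluate repo-relative POSIX paths touched by a push against both rules.

    Returns a list of (path, reason) tuples; an empty list means the push passes.
    """
    violations = []
    allowed_for_workflows = bool(set(pusher_teams) & WORKFLOW_PUSHER_TEAMS)
    for path in paths:
        pattern = blocked_pattern(path)
        if pattern is not None:
            violations.append((path, f"file name matches blocked pattern {pattern}"))
        if path.startswith(RESTRICTED_PREFIX) and not allowed_for_workflows:
            violations.append((path, "only CI admins may change workflow files"))
    return violations


if __name__ == "__main__":
    # Constructed sample push by a developer who is not on the CI admin team.
    sample = ["src/app.py", "config/.env", "deploy/prod-secrets.yaml",
              "certs/server.pem", ".github/workflows/release.yml"]
    for path, reason in check_push(sample, {"backend-devs"}):
        print(f"REJECT {path}: {reason}")
```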
-
Happy 10th Birthday, Kubernetes! Today, Kubernetes turns 10! It's been a decade filled with revolutionizing container orchestration in the cloud and helping organizations achieve greater agility & efficiency. Read more about Kubernetes' fascinating journey and its impact on the IT landscape & HBD K8s! https://hubs.ly/Q02zSPlg0 #Kubernetes #CloudComputing #DevOps #ITConsulting #k8s #containerization #linux
10 Years of Kubernetes
kubernetes.io