Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting

April 3, 2024, 2:26 p.m. | Jorge Rosillo

The GitHub Blog: Security News and Updates github.blog

This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.

The post Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting appeared first on The GitHub Blog.

blog blog post code codeql code scanning codespaces cve features github github security lab post security private reporting research scanning security security research vulnerability vulnerability reporting walkthrough

Visit resource

More from github.blog / The GitHub Blog: Security News and Updates

How AI enhances static application security testing (SAST) 1 week, 2 days ago | github.blog

ai insights application application security application security testing +18

Introducing Artifact Attestations–now in public beta 2 weeks, 2 days ago | github.blog

actions artifact beta blog +7

Where does your software (really) come from? 2 weeks, 4 days ago | github.blog

blog capabilities community github +11

CodeQL zero to hero part 3: Security research with CodeQL 2 weeks, 6 days ago | github.blog

blog codeql github github security lab +6

Securing millions of developers through 2FA 3 weeks, 3 days ago | github.blog

2fa adoption developers ecosystem +9

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private … 1 month, 2 weeks ago | github.blog

blog blog post code codeql +16

Gaining kernel code execution on an MTE-enabled Pixel 8 2 months ago | github.blog

android app arm arm mali +22

Keeping secrets out of public repositories 2 months, 2 weeks ago | github.blog

blog default developers github +10

How to stay safe from repo-jacking 2 months, 3 weeks ago | github.blog

attack blog blog post can +10

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España

View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania

View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States

View on infosec-jobs.com

all InfoSec news

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting

More from github.blog / The GitHub Blog: Security News and Updates

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Senior - Penetration Tester

Associate Cyber Incident Responder

Senior Insider Threat Analyst