今日已更新 213 条资讯 | 累计 20683 条内容
关于我们

标签:#GitHub

找到 1034 篇相关文章

AI 资讯

End-to-End GitHub Security Hardening Guide for Organizations

GitHub is not just a source code platform anymore. For most engineering organizations, GitHub is part identity system, part software supply chain, part CI/CD platform, part secret store, part deployment orchestrator, and part production change-control system. That means we should secure GitHub like a production control plane. This guide is written from the perspective of a CISO tightening GitHub across an organization. It is not a high-level best-practice list. It is a practical hardening baseline we can apply, audit, and improve over time. The goal is simple: Nobody should be able to compromise our source code, workflows, secrets, build systems, release process, or production environments because GitHub was loosely governed. How to Use This Guide Use it in three layers: Layer Audience Purpose Executive baseline CISO, Head of Engineering, Platform leadership Define why GitHub is a Tier-0 engineering control plane Security standard Security, Platform Engineering, AppSec, DevSecOps Define mandatory controls, evidence, exceptions, and ownership Operational runbook SOC, repository owners, release engineers Support onboarding, monitoring, detection, incident response, and quarterly review Control language in this guide should be interpreted as follows: Term Meaning Must / Required Mandatory baseline control unless a documented exception is approved Should / Recommended Strongly expected control; deviations require documented rationale May / Optional Context-dependent control based on repository classification and risk Exception Time-bound, risk-accepted deviation with owner, compensating controls, and review date Every mandatory control should eventually map to: Control ID → Requirement → Owner → Enforcement → Evidence → Monitoring → Exception path Section 29 provides the operational enforcement map that tells administrators where to find each GitHub setting, what to configure, and what evidence to retain. This prevents the standard from becoming a long checklist that no

2026-06-10 原文 →
AI 资讯

coding agents made repositories the security boundary

GitHub shipped a small changelog entry this week that says more about the future of coding agents than most of the launch demos. Security validation for third-party coding agents is now generally available. Not just for GitHub's own Copilot cloud agent. For third-party agents too, including Claude and OpenAI Codex. The feature sounds boring in the best possible way. When an agent creates code, GitHub can run CodeQL, check new dependencies against the GitHub Advisory Database, and use secret scanning to detect tokens, API keys, and other sensitive material. If it finds a problem, the agent tries to fix it. That is not the flashy part of agentic coding. It is the important part. Because once agents are allowed to act inside repos, the question stops being "which model wrote this diff?" and becomes "can the repository apply the same policy to every automation actor?" authorship is the wrong abstraction We still talk about generated code as if authorship is the primary thing that matters. Was this written by Copilot? Claude? Codex? A human with tab completion? A human who pasted something from a chat window and cleaned it up? A junior engineer following a Stack Overflow answer from 2018? Those distinctions matter for procurement and product marketing. They matter less for the repository. The repository has a simpler problem: a change is trying to enter the system. It may introduce a vulnerability, add a risky dependency, leak a secret, violate an internal rule, or be perfectly fine. That is why the GitHub change is interesting. It moves the useful boundary from "our approved coding assistant" to "any coding agent operating in this repository." the agent is now an actor For years, repository automation was mostly boring and legible. CI ran tests. Dependabot opened dependency updates. Release bots bumped versions. Linters complained. Security scanners commented. Humans reviewed. The automation could be annoying, but its shape was predictable. Coding agents are different.

2026-06-10 原文 →