Blogs about SCMs
Sign up for our newsletter




GitHub Codespaces Security Best Practices
GitHub configurations aren't secure out of the box. It's up to you to secure them. This blog discusses GitHub's new Codespaces product and how to secure it.
Read More


Breaking News: How a Massive Malware Attack Almost Occurred on GitHub
Earlier today, Stephan Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.
Read More
Securing GitHub: How to Keep Your Code and Pipelines Safe from Hackers
GitHub makes it easy for developers to collaborate, but it’s also easy for bad actors to exploit misconfigurations and vulnerabilities.
Read More
GitHub Security Best Practices Your Team Should Be Following
This article will explain why security and GitHub should go hand in hand and describes a few best practices we believe any organization using GitHub should employ to reduce GitHub security risks.
Read More
Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks
We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.
Read More
Latest GitHub OAuth Tokens Attack Explained and How to Protect Yourself
This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.
Read More

Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
Read More
Detecting Secrets in Your Source Code
What are secrets in source code, why they must be protected, and how to keep them safe.
Read MoreSchedule a Demo
Book a demo including the option to analyze your own software supply chain.