Bleeping Computer

GitHub deprecates account passwords for authenticating Git operations

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. This change was first announced last year, in July, when GitHub said ...
PC Magazine

GitHub Ditches Password-Based Authentication for Many Workflows

GitHub now officially requires token-based authentication for its command line interface, third-party apps, and services that access Git repositories hosted on the platform. I've been writing about ...
Security Boulevard

Scanning GitHub Gists for Secrets with Bring Your Own Source

Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS ...
TheServerSide

How to use GitHub Actions secrets to hide your tokens and passwords example

Community driven content discussing all aspects of software development from DevOps to design patterns. One of the ongoing challenges DevOps professionals face when developing continuous integration ...
Bleeping Computer

GitHub can now auto-block commits containing API keys, auth tokens

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...