News

CSO Online4d
GitHub Actions attack renders even security-aware orgs vulnerable
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by ...
Wired6y
GitHub ‘Sponsors’ Now Lets Users Back Open Source Projects
Last year, Microsoft paid $7.5 billion to buy GitHub ... open source code. But even as some companies build multibillion-dollar businesses atop freely available code, other open source projects ...
VentureBeat4y
The Open Source Index showcases GitHub’s most popular projects right now
As such, the Open Source Index is based on the top GitHub projects as per the number of people that are “watching” a project ... and Visual Studio Code, among other arguably “more relevant ...
CSOonline1y
Most popular generative AI projects on GitHub are the least secure
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub ... source code, build dependencies, testing, and project ...
Bleeping Computer7mon
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have ... demonstrated how malicious code could be snuck into legitimate and widely popular open source libraries by nefarious actors. Open source project maintainers are urged ...