GitHub launches a collaborative project to identify vulnerabilities in open source software

GitHub has announced the launch of GitHub Security Lab, an initiative intended to organize collaboration between security experts from various companies and organizations in order to identify vulnerabilities and help eliminate them in the code of open source projects.

All interested companies and individual computer security experts are invited to join. Identifying a vulnerability earns a reward of up to $3000, depending on the severity of the problem and the quality of the report. It is recommended to use the CodeQL toolkit to submit details of the problem: CodeQL lets you create a template of the vulnerable code in order to detect the presence of a similar vulnerability in the code of other projects (CodeQL makes it possible to perform semantic analysis of code and to build queries that search for specific patterns).

Security researchers from F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMWare have joined the initiative, which over the past two years has identified and helped fix 105 vulnerabilities in projects such as Chromium, libssh2, Linux kernel, Memcached, UBoot, VLC, Apport, HHVM, Exiv2, FFmpeg, Fizz, libav, Ansible, npm, XNU, Ghostscript, Icecast, Apache Struts, strongSwan, Apache Ignite, Apache Geode and Hadoop.

GitHub's code security lifecycle involves GitHub Security Lab members identifying vulnerabilities, which are then reported to maintainers and developers, who prepare fixes, coordinate the timeline for disclosing the problem, and notify dependent projects so that they install the fixed version. The database will also hold CodeQL templates to prevent the reappearance of already fixed vulnerabilities in the code hosted on GitHub.

Through the GitHub interface you can now obtain a CVE identifier for an identified problem and prepare a report, and GitHub itself will send the necessary notifications and organize their coordinated correction. In addition, once the problem has been resolved, GitHub will automatically submit pull requests to update the dependencies associated with the affected project.

GitHub has also added a vulnerability list, the GitHub Advisory Database, which publishes information about vulnerabilities affecting projects on GitHub together with information for tracking the affected packages and repositories. CVE identifiers mentioned in comments on GitHub now automatically link to detailed information about the vulnerability in the submitted database. A separate API is available for working with the database.

An update was also announced to the service that protects against committing sensitive data, such as authentication tokens and access keys, to publicly accessible repositories. During a commit, the scanner checks for keys and token formats used by 20 cloud providers and services, including Alibaba Cloud API, Amazon Web Services (AWS), Azure, Google Cloud, Slack and Stripe. If a token is identified, a request is sent to the provider to confirm the leak and revoke the compromised tokens. As of yesterday, in addition to the previously supported formats, support for identifying GoCardless, HashiCorp, Postman and Tencent tokens has been added.
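To illustrate the kind of check the commit scanner described above performs, here is an added example (constructed for this article, not GitHub's own scanner) that inspects the added lines of a diff for well-known token prefixes and blocks the commit if any match. The regular expressions are assumptions about public token formats, and the sample key values are fake.

```python
"""Minimal pre-commit style secret scanner, modelled on the token-format
checks described above (constructed example, not GitHub's scanner).

The regular expressions are assumed public token prefixes, not GitHub's
actual rules; tune them for your own providers."""
import re
from typing import List, Tuple

# Provider name -> compiled pattern for its token format (assumed formats).
TOKEN_PATTERNS = {
    "AWS access key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "Slack token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),
    "Stripe secret key": re.compile(r"\bsk_(?:live|test)_[0-9A-Za-z]{24,}\b"),
    "Google API key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
}

def scan_diff(diff_text: str) -> List[Tuple[int, str, str]]:
    """Scan the added lines of a unified diff and return
    (line number within the diff, provider, redacted match) per hit."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        # Only lines being added matter; skip the '+++ b/file' header.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for provider, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                token = match.group(0)
                # Never log the full secret: keep only a short prefix and suffix.
                redacted = token[:4] + "…" + token[-4:]
                findings.append((lineno, provider, redacted))
    return findings

def should_block_commit(diff_text: str) -> bool:
    """Policy hook: reject the commit if any token format matched."""
    return bool(scan_diff(diff_text))

# Constructed sample diff; the key values are fake and do not exist.
SAMPLE_DIFF = """\
+++ b/config/settings.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SLACK_TOKEN = "xoxb-123456789012-ABCDEFGHIJKLMNOP"
+DEBUG = True
-OLD_KEY = "sk_live_abcdefghijklmnopqrstuvwxyz"
"""

if __name__ == "__main__":
    for lineno, provider, redacted in scan_diff(SAMPLE_DIFF):
        print(f"diff line {lineno}: possible {provider}: {redacted}")
    print("block commit:", should_block_commit(SAMPLE_DIFF))
```

Removed lines (the `-OLD_KEY` entry) are deliberately ignored, since the scanner's job is to stop new secrets from entering the repository; a real deployment would follow a hit with the provider notification and revocation step the article describes.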

Source: opennet.ru