GitHub has launched a joint project to identify vulnerabilities in open source software

GitHub has announced a joint initiative, GitHub Security Lab, aimed at organizing collaboration between security experts from various companies and organizations in order to identify vulnerabilities and help eliminate them in the code of open source projects.

All interested companies and individual computer security specialists are invited to join the initiative. For identifying a vulnerability, a reward of up to $3000 is offered, depending on the severity of the problem and the quality of the report. It is recommended that vulnerability details be submitted using the CodeQL toolkit, which makes it possible to build a template of the vulnerable code and detect the presence of a similar vulnerability in the code of other projects (CodeQL performs semantic analysis of code and lets you write queries that search for specific constructs).

Security researchers from F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMware have already joined the initiative; over the past two years they have helped identify and fix 105 vulnerabilities in projects such as Chromium, libssh2, Linux kernel, Memcached, UBoot, VLC, Apport, HHVM, Exiv2, FFmpeg, Fizz, libav, Ansible, npm, XNU, Ghostscript, Icecast, Apache Struts, strongSwan, Apache Ignite, rsys., Apache Geode and Hadoop.

The code security lifecycle proposed by GitHub assumes that GitHub Security Lab members identify vulnerabilities, which are then reported to maintainers and developers, who prepare fixes, coordinate the timing of disclosure, and notify dependent projects so that they install the fixed version. The database will contain CodeQL templates to prevent already-fixed problems from reappearing in code hosted on GitHub.

Through the GitHub interface it is now possible to obtain a CVE identifier for an identified vulnerability and prepare a report, after which GitHub itself sends the necessary notifications and organizes a coordinated fix. In addition, as soon as the issue is fixed, GitHub automatically submits pull requests to update the dependencies associated with the affected project.

GitHub has also added the GitHub Advisory Database, a vulnerability list that publishes information about vulnerabilities affecting projects on GitHub and information for tracking affected packages and repositories. CVE identifiers mentioned in comments on GitHub are now automatically linked to detailed information about the vulnerability in the database. A separate API is provided for automating work with the database.

An update to the service that protects against leaking sensitive data, such as authentication tokens and access keys, into publicly accessible repositories is also reported. At commit time, the scanner checks for the typical key and token formats used by 20 cloud providers and services, including Alibaba Cloud API, Amazon Web Services (AWS), Azure, Google Cloud, Slack and Stripe. If a token is detected, a request is sent to the service provider to confirm the leak and revoke the compromised tokens. As of yesterday, in addition to the previously supported formats, support for detecting GoCardless, HashiCorp, Postman and Tencent tokens has been added.

Source: opennet.ru