GitHub has launched a joint project to detect vulnerabilities in open source software

GitHub has announced the GitHub Security Lab initiative, intended to organize collaboration between security experts from different companies and organizations in order to identify vulnerabilities and help eliminate them in the code of open source projects.

All interested companies and individual computer security specialists are invited to join the initiative. For identifying vulnerabilities, a reward of up to $3,000 is offered, depending on the severity of the problem and the quality of the report. Information about a problem is expected to be submitted using the CodeQL toolkit, which lets you describe a template of vulnerable code and then detect the presence of a similar vulnerability in the code of other projects (CodeQL makes it possible to perform semantic analysis of code and to write queries that search for particular code constructs).
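To make the "template of vulnerable code, then search other code for the same shape" idea concrete, here is an added illustration written for this page. It is not CodeQL and not GitHub Security Lab code; it is a toy version of the same variant-analysis query, written in Python over Python ASTs rather than in QL. The vulnerable shape it searches for is the example's own choice: a shell sink (os.system or a subprocess call with shell=True) whose command argument is not a string literal, and the two sample "projects" are constructed input.

```python
"""Toy variant analysis over Python ASTs (added example, not CodeQL).

The query: find a call to a shell-executing sink whose command argument is
built at runtime rather than being a string literal.  That is the code shape
of a command-injection sink; once described once, the same query is run
against any number of other code bases.
"""
import ast
from dataclasses import dataclass

# Sinks that hand a string to a shell.  The names are real stdlib APIs; the
# choice of which ones count as sinks is this example's own assumption.
SHELL_SINKS = {
    ("os", "system"),
    ("os", "popen"),
    ("subprocess", "call"),
    ("subprocess", "run"),
    ("subprocess", "Popen"),
    ("subprocess", "check_output"),
    ("subprocess", "check_call"),
}


@dataclass(frozen=True)
class Finding:
    lineno: int
    sink: str
    argument: str


def _qualified_name(func: ast.AST):
    """Return ('module', 'attr') for a call like subprocess.run(...), else None."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None


def _uses_shell(call: ast.Call, module: str) -> bool:
    """os.system/os.popen always go through a shell; subprocess only with shell=True."""
    if module == "os":
        return True
    for kw in call.keywords:
        if kw.arg == "shell" and isinstance(kw.value, ast.Constant):
            return kw.value.value is True
    return False


def find_shell_injection_variants(source: str) -> list[Finding]:
    """Run the query against one source file and return every match."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _qualified_name(node.func)
        if name not in SHELL_SINKS or not node.args:
            continue
        if not _uses_shell(node, name[0]):
            continue
        cmd = node.args[0]
        is_literal = isinstance(cmd, ast.Constant) and isinstance(cmd.value, str)
        if not is_literal:
            findings.append(Finding(node.lineno, ".".join(name), ast.unparse(cmd)))
    return findings


# Constructed sample inputs standing in for two unrelated repositories.
SAMPLE_PROJECT_A = '''
import os, subprocess
def archive(user_path):
    os.system("tar czf backup.tgz " + user_path)             # vulnerable: shell + concatenation
    subprocess.run(["tar", "czf", "backup.tgz", user_path])  # safe: argv list, no shell
'''

SAMPLE_PROJECT_B = '''
import subprocess
def ping(host):
    subprocess.check_output(f"ping -c 1 {host}", shell=True)   # vulnerable variant of the same shape
    subprocess.check_output("ping -c 1 127.0.0.1", shell=True) # literal command, not flagged
'''

if __name__ == "__main__":
    for label, src in (("A", SAMPLE_PROJECT_A), ("B", SAMPLE_PROJECT_B)):
        for f in find_shell_injection_variants(src):
            print(f"project {label}: line {f.lineno}: {f.sink}({f.argument})")
```

The point of the toy is the workflow, not the specific sink: the query is written once against the semantic structure of the code (call target, keyword arguments, literal-ness of an argument), so it matches the f-string variant in the second project even though it looks nothing like the string concatenation in the first. A real CodeQL query adds data-flow tracking from untrusted sources, which this example does not attempt.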

Security researchers from F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMWare have already joined the initiative; over the past two years they have identified and helped fix 105 vulnerabilities in projects such as Chromium, libssh2, Linux kernel, Memcached, UBoot, VLC, Apport, HHVM, Exiv2, FFmpeg, Fizz, libav, Ansible, npm, XNU, Ghostscript, Icecast, Apache Struts, strongSwan, Apache Ignite, Apache Geode and Hadoop.

The security lifecycle for code that GitHub proposes involves GitHub Security Lab members identifying vulnerabilities, which are then communicated to maintainers and developers, who develop fixes, coordinate the timing of disclosure and notify dependent projects so that they can install the fixed version. Once a vulnerability has been eliminated, the database will include CodeQL templates that prevent already fixed problems from reappearing in code hosted on GitHub.


Through the GitHub interface it is now possible to obtain a CVE identifier for an identified problem and prepare a report; GitHub itself will send the necessary notifications and organize a coordinated fix. Moreover, once the issue is resolved, GitHub will automatically submit pull requests to update the dependencies related to the affected project.

GitHub has also added a vulnerability list, the GitHub Advisory Database, which publishes information about vulnerabilities affecting projects on GitHub together with data for tracking the affected packages and repositories. CVE identifiers mentioned in GitHub comments now automatically link to detailed information about the vulnerability in this database. A separate API is provided for working with the database programmatically.

The update also announced a service to prevent sensitive data such as authentication tokens and access keys from ending up in publicly accessible repositories. During a commit, the scanner checks for the typical key and token formats used by 20 cloud providers and services, including Alibaba Cloud API, Amazon Web Services (AWS), Azure, Google Cloud, Slack and Stripe. If a token is identified, a request is sent to the service provider to confirm the leak and revoke the compromised tokens. As of yesterday, in addition to the previously supported formats, support for identifying GoCardless, HashiCorp, Postman and Tencent tokens was added.

Source: opennet.ru
