Articles tagged github
Security.txt: Make Vulnerabilities Easier to Report
We all know that all software has bugs and that security is hard, but somehow we are still surprised when we see new vulnerabilities. Vulnerability A bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability. In 2020, there were 18,395 vulnerabilities reported, which means about 50 new vulnerabilities are reported every day. These numbers only include what has been reported to...
Developers Guide to GPG and YubiKey
Setting up a new YubiKey as a second factor is easy—your browser walks you through the entire process. However, setting up a YubiKey to sign your Git commits and Secure Shell (SSH) authentication is a very different experience. In this post, I’ll walk through configuring a YubiKey and highlight some of the things I’ve learned along the way. I’ve used GPG for years, but it didn’t really "click" for me until I sat down and...
Is GitHub Package Registry the npm Killer?
GitHub recently announced a new feature, GitHub Package Registry, currently in beta. It’s designed to allow GitHub users to publish and distribute packages of their software directly on GitHub instead of relying on an external system. At a glance, GitHub Package Registry has the following features and benefits. Supports multiple package clients: npm, Maven, NuGet, RubyGems, and Docker images Supports public and private packages Supports pre-release packages Can use webhooks and GitHub Actions to customize...
Test Your GitHub Repositories with Docker in 5 Minutes
How many times have you checked your code into GitHub, just to have someone else check it out and find out there was some dependency missing so they could not get it to run? I rely heavily on Docker for my build environment, and before I release anything to a teammate, I like to run it through a quick test in Docker to make sure everything is working properly. This approach is simple and only...