Home / Engineering / Platform security

Platform security

The software supply chain starts with the developer. To make sure that GitHub, the home of open source, can help defend the entire ecosystem against supply chain attacks, we bring our engineering and security teams together as we build. Here’s how.

Featured

We do newsletters, too

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.

Latest

How we threat model

At GitHub, we spend a lot of time thinking about and building secure products—and one key facet of that is threat modeling. This practice involves bringing security and engineering teams…

An illustration of two octocats repairing a robot.

Soft U2F

In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F: a software-based U2F authenticator for macOS. We’ve long been interested in promoting better…

GitHub’s post-CSP journey

Last year we shared some details on GitHub’s CSP journey. A journey was a good way to describe it, as our usage of Content Security Policy (CSP) significantly changed from…

GitHub’s CSP journey

We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…

The world's largest developer platform

Docs

Docs

Everything you need to master GitHub, all in one place.

GitHub

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Customer stories

Customer stories

Meet the companies and engineering teams that build with GitHub.

Work at GitHub!

Work at GitHub!

Check out our current job openings.