GitHub Reduces Secret Scanning False Positives with LLM Verification
GitHub Blog3 days agoReleaseGitHub describes an improvement to secret scanning that uses context-aware LLM reasoning during verification, after candidate secrets are detected. Instead of sending whole files or repositories to a model, the system extracts focused usage signals, such as whether a value flows into authentication, API, database, or cloud SDK code. In tests on customer-confirmed false positives, GitHub reports a 75.76% reduction, above its 65% target, while preserving detection coverage.
Vercel 推出 deepsec:自動偵測與修復程式碼漏洞的安全防護工具★ 75
Vercel Changelog41 days agoReleaseVercel recently announced the launch of a new security tool called "deepsec," designed to provide developers' codebases with a comprehensive security safety…
Vercel 為 skills.sh 推出自動化安全審計功能
Vercel Changelog117 days agoReleaseVercel's official Changelog announced that automated security audits have been formally launched for `skills.sh`. `skills.sh` is an interactive skill-learning…
Hugging Face 與 JFrog 攜手合作,提升 AI 安全與軟體供應鏈透明度★ 70
Hugging Face Blog467 days agoBusinessWith the explosive growth of generative AI and open-source models, an increasing number of enterprises are integrating models from Hugging Face into their core…
Hugging Face 與 Truffle Security 合作,引進 TruffleHog 自動掃描並防範金鑰洩漏★ 70
Hugging Face Blog648 days agoReleaseHugging Face has officially announced a partnership with the well-known cybersecurity company Truffle Security, integrating the open-source credential scanning…