Security - The Mergify Blog

Security

A collection of 3 posts

On API Keys Best Practices

On API Keys Best Practices

APIs are everywhere. They became ubiquitous over the last years and every startup building a product is now ordered to offer them. They became a major selling point for any SaaS business. Engineering and product teams focus on the design of their API, from top to bottom, making sure they

How to Deal with the Abuse of your Service?

How to Deal with the Abuse of your Service?

As Mergify keeps growing, we keep encountering new issues. A few weeks ago, we explained how we had to adapt to our traffic increase [https://blog.mergify.io/handling-780k-github-events-per-day/] and handling close to 1M events per day. With growth comes its share of abusive accounts. In the same fashion that

(Un)signed commits: how we found a (non) security bug in GitHub

(Un)signed commits: how we found a (non) security bug in GitHub

When you build an entire software around someone else API, you tend to know everything about it. We made Mergify [https://mergify.io] on top of GitHub API, and it's hard to describe how well we understand its API. From its fabulous and beloved features to its most horrible defects,