GitHub's CSP journey

We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…

By Sonic Mustang · March 16, 2026 · 1 min read

engineering
platform security
ptoomey3

Source: The GitHub Blog

We shipped subresource integrity a few months back to reduce the risk of a compromised CDN serving malicious JavaScript. That is a big win, but does not address related content…