Introducing secret scanning validity checks for major cloud services
Secret scanning now performs validity checks for select AWS, Microsoft, Google, and Slack tokens.
Enhanced push protection features for developers and organizations
Introducing two new secret scanning push protection features that will enable individual developers to protect all their pushes and organizations to gain insights and trends across their repositories.
Introducing self-service SBOMs
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
GitHub’s supply chain security features now support Dart
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
GitHub brings supply chain security features to the Rust community
The Rust community can now discover, report, and prevent security vulnerabilities.
Prevent the introduction of known vulnerabilities into your code
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.