Posts by
Senior Product Manager at GitHub. Twitter: https://twitter.com/Kate_Catlin
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!