All "Product" posts
In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for security of the application.
Announcing the public beta of our new integration between GitHub and Microsoft Teams.
A software supply chain is anything that goes into, or affects your code. Even though supply chain compromises are real, and growing in popularity, they’re still extremely rare – and so the most important thing you can do to protect your supply chain is patch your vulnerabilities. Then, to successfully secure your software supply chain, you need to understand the dependencies in your environment, know about vulnerabilities in those dependencies, and quickly patch them. For Software Composition Analysis (SCA) capabilities native to GitHub, use Dependency Graph, Dependabot alerts, and Dependabot security and version updates to automate the hard work.
GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous access for public container images