
Category: Security

Avoiding npm substitution attacks

Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We…

Isaac Z. Schlueter
Happy anniversary GitHub Security Lab!

Last year at GitHub Universe, we introduced the GitHub Security Lab, which is committed to contributing resources, tooling, bounties, and security research to secure the open source ecosystem. We know…

Jamie Cool
Applying DevSecOps to your software supply chain

To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code, and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.

Maya Kaczorowski