security-products

Subscribe to all “security-products” posts via RSS or follow GitHub Changelog on Twitter to stay updated on everything we ship.

~ cd github-changelog
~/github-changelog|main git log main
showing all changes successfully

To make it easier to submit security advisories, GitHub now validates package names.

When submitting a new GHSA (GitHub Security Advisory) in a repository, the user is prompted to enter the ecosystem (e.g. npm, maven) and package name (e.g. webpack, lodash). Now, when they enter the name, there will be a validation message at the bottom of the form to confirm whether or not the package name they entered has been found in the ecosystem they specified.

To learn more about submitting advisories to our Advisory Database, check out our documentation here.

See more