A software supply chain is anything that goes into, or affects your code. Even though supply chain compromises are real, and growing in popularity, they’re still extremely rare – and so the most important thing you can do to protect your supply chain is patch your vulnerabilities. Then, to successfully secure your software supply chain, you need to understand the dependencies in your environment, know about vulnerabilities in those dependencies, and quickly patch them. For Software Composition Analysis (SCA) capabilities native to GitHub, use Dependency Graph, Dependabot alerts, and Dependabot security and version updates to automate the hard work.
GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous access for public container images
Register, vote, and volunteer to make an impact during the U.S. 2020 elections.
Integrating static analysis security testing into the developer workflow is hard. We discuss the challenges and how to overcome them