How we use Dependabot to secure GitHub
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling and weekend projects. Here are our top staff picks…
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
The innersource contribution percentage is the rate of contributions from people outside the team that originally authored the software. Let’s dive into what it can look like for your organization.
Dependabot alerts show all affected files for vulnerable function calls (Python Beta)
GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.
DigitalOcean is now a GitHub secret scanning partner
Secret scanning: Dry runs for enterprise-level custom patterns
Introduction: Open Sauced, GitHub’s Explore page, Hacktoberfest, and First Timers Only help folks discover open source projects. This monthly series, Open Source Monthly, will add to these efforts by helping: First-time contributors…
The GitHub Enterprise Server 3.5 Release Candidate is available
Dependabot keeps `@types` dependencies in sync with updated packages
Enhanced 2FA experience for npm accounts: public beta
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
You can now output and group custom Markdown content on the Actions run summary page.
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom!
This is the second and final post in a series describing friendly forks and alternative strategies for managing them.
Secret scanning now prevents secret leaks in web commits
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.