Avoiding npm substitution attacks
Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We…
Home / Security / Supply chain security / Page 4
Supply chain security
In today’s interconnected development environment, a single vulnerability in any component of the supply chain poses a threat. Find out how GitHub’s security alerts, code scanning, secret scanning, and dependency management features can help you avoid supply chain security issues. You can also check out our documentation to learn more about supply chain security on GitHub.
Shifting supply chain security left with dependency review
Dependency review allows you to easily understand your dependencies before you introduce them to your environment. As part of a pull request, you can see what dependencies you’re introducing, changing, or removing, and information about their vulnerabilities, age, usage, and license.
Secure at every step: What is software supply chain security and why does it matter?
The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.
Secure at every step: Show your dependencies some love with updates
Keep dependencies up to date, to make sure you can quickly apply a patch when it really matters – when there’s a critical security vulnerability.
Securing your open source dependencies with GitHub dependency insights
GitHub dependency insights helps both developers and security teams manage their open source security with confidence—automatically compiling relevant CVE information, aiding in OSS license compliance, and helping them better understand their OSS dependency versions.
Security vulnerability alerts for Python
If you use Python, we can now alert you whenever you depend on vulnerable packages.
Vulnerability announced: update your Git clients
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
The GitHub Podcast
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.