compliance

Learn about how we run a scalable vulnerability management program built on top of GitHub.

Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.

GitHub’s Information Security and Privacy Management System (ISPMS) has been certified against ISO/IEC 27701:2019 (PII Processor) and 27018:2019 standards, as well as the Cloud Controls Matrix (CCM). These standards and frameworks are internationally recognized for security and privacy program best practices.

Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.

Developers and compliance teams get a new SBOM generation tool for cloud repositories.

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Laying the groundwork for developer-enabled compliance.

Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.

Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.

GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.

This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.

GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.

If you’re a GitHub Enterprise Cloud customer, you can now set up a stream of audit log and Git events to Splunk or an Azure Event Hub.