compliance Archives

Demonstrating end-to-end traceability with pull requests

Reduce developer and auditor friction involved in demonstrating compliance and maintaining end-to-end traceability by focusing your efforts around the pull request.

Philip Holleran July 11, 2023

Company

GitHub achieves ISO/IEC 27701:2019, 27018:2019, and CSA STAR certifications

GitHub’s Information Security and Privacy Management System (ISPMS) has been certified against ISO/IEC 27701:2019 (PII Processor) and 27018:2019 standards, as well as the Cloud Controls Matrix (CCM). These standards and frameworks are internationally recognized for security and privacy program best practices.

Brandon Griffeth & Glory Francke July 5, 2023

Engineering

Generative AI-enabled compliance for software development

Explore how generative AI may soon help enable optimizing some of the foundational components of compliance.

Mark Paulsen April 11, 2023

Open Source

Introducing self-service SBOMs

Developers and compliance teams get a new SBOM generation tool for cloud repositories.

Eric Tooley & Courtney Claessens March 28, 2023

Engineering

3 ways to meet compliance needs without slowing down agility

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Mark Paulsen & Chris Reddington February 24, 2023

Enterprise

Setting the foundations for compliance

Laying the groundwork for developer-enabled compliance.

Mark Paulsen & Fintan Ryan January 26, 2023

Product

Dependabot alerts are now visible to more developers

Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.

Eric Tooley & Erin Havens January 17, 2023

Security

A smarter, quieter Dependabot

Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.

Eric Tooley & Erin Havens January 12, 2023

Enterprise

GitHub Achieves ISO/IEC 27001:2013 Certification!

GitHub’s Information Security Management System (ISMS) has been certified against ISO 27001:2013, an internationally recognized standard for security program best practices.

Brandon Griffeth May 16, 2022

Community

Blue-teaming for Exiv2: creating a security advisory process

This blog post is the first in a series about hardening the security of the Exiv2 project. My goal is to share tips that will help you harden the security of your own project.

Kevin Backhouse November 2, 2021

Product

GitHub Actions for security and compliance

GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.

Philip Holleran October 22, 2021

Enterprise

Audit log streaming is now in public beta

If you're a GitHub Enterprise Cloud customer, you can now set up a stream of audit log and Git events to Splunk or an Azure Event Hub.

Greg Padak September 16, 2021

compliance

Subscribe to The GitHub Insider