Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repositories.

During Universe, we received a number of security questions ranging from our strategy to our advisories. Here’s what we’ve got planned!

Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the Dependabot team joined GitHub in

Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant that internal libraries, shared design

We’ve made huge advances in our security features at GitHub in 2020, with launches for code scanning, secret scanning, Dependabot version updates, dependency review, and more.

GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a web service, or automate welcoming

Keeping your dependencies updated is one of the easiest ways to keep the software you build secure. However, while it’s critically important to keep your dependencies updated, in a recent survey, 52% of developers said

The following is a guest post written by Dependabot’s co-founder, @greystiel. Modern software often relies on hundreds of open source components, all of which need to be kept secure. Staying on top of security vulnerabilities in those