Tag
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.
We’re taking a look at two commonly-used security tools and detailing how they can help secure your projects.
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance.
A personal story about building the feature you want and sharing it with the world.
Learn how you can securely manage users with the latest ships for GitHub Enterprise.
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security.
A two-part story about how GitHub’s Product Security Engineering team rolled out Dependabot internally to track vulnerable dependencies, and how GitHub tracks and prioritizes technical debt.
We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.
From plug-and-play automations to protected branches, here are simple ways any developer can build more secure software on GitHub—all with a free account.
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability.
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate.