Tag
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.
Dependabot is generally available in GitHub Enterprise Server 3.5. Here is how to set up Dependabot on your instance.
A personal story about building the feature you want and sharing it with the world.
The Rust community can now discover, report, and prevent security vulnerabilities.
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
Today, we're shipping a new feature for Dependabot alerts which helps you better understand how you're affected by a vulnerability.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
In March, we experienced several incidents resulting in significant impact to multiple GitHub services.
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We've seen bad actors expand their focus to taking over user…
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
Today, we’re shipping improvements to Dependabot alerts that make them easier to understand and remediate.
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.