3 strategies to expand your threat model and secure your supply chain
How to get the security basics right at your organization.
Now, you can group multiple version updates in a single pull request.
Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.
A new alert rules engine for Dependabot leverages alert metadata to identify and auto-dismiss up to 15% of alerts as false positives.
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities.
How to verifiably link npm packages to their source repository and build instructions.
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities.
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
See what we're building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.