3 strategies to expand your threat model and secure your supply chain
How to get the security basics right at your organization.
Tag
supply chain security
A faster way to manage version updates with Dependabot
Now, you can group multiple version updates in a single pull request.
GitHub Repository Rules are now generally available
Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.
Dependabot relieves alert fatigue from npm devDependencies
A new alert rules engine for Dependabot leverages alert metadata to identify and auto-dismiss up to 15% of alerts as false positives.
Private vulnerability reporting now generally available
Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities.
Introducing npm package provenance
How to verifiably link npm packages to their source repository and build instructions.
Introducing self-service SBOMs
Developers and compliance teams get a new SBOM generation tool for cloud repositories.
How to mitigate OWASP vulnerabilities while staying in the flow
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
Unlocking security updates for transitive dependencies with npm
How Dependabot integrated with npm to address security vulnerabilities on transitive dependencies and increase the likelihood of success for JavaScript security updates by 40%.
Dependabot alerts are now visible to more developers
Default settings will allow developers with write and maintain access to see and resolve Dependabot alerts.
A smarter, quieter Dependabot
Dependabot is getting a little smarter—and, a little quieter—by reducing bot-based noise from repositories based on your interaction with Dependabot.
Everything new from GitHub Universe 2022
See what we're building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.
Why we’re excited about the Sigstore general availability
The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future.
GitHub’s supply chain security features now support Dart
Cross-platform apps built with the popular Flutter toolkit can now benefit from Dependabot alerts.
5 tips for prioritizing Dependabot alerts
Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.