Supply-chain-security
3 posts
Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the GitHub Security Lab have helped supply chain security keep pace. The post Securing the open source supply chain: The essential role of CVEs appeared first on The GitHub Blog.
Learn about a community-developed framework for thinking about this problem holistically, and how to use GitHub in particular to improve security in the second half of your software supply chain. The post The second half of software supply chain security on GitHub appeared first on The GitHub Blog.
Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images. The post Configure GitHub Artifact Attestations for secure cloud-native delivery appeared first on The GitHub Blog.