supply-chain-security

10 posts

Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process. The post Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations appeared first on The GitHub Blog.

Kristina Heidinger, 12/19/2024

A quick guide on the advantages of Dependabot as a GitHub Actions workflow and the benefits this unlocks, including self-hosted runner support. The post Dependabot on GitHub Actions and self-hosted runners is now generally available appeared first on The GitHub Blog.

Carlin Cherry, 5/2/2024

Generate and verify signed attestations for anything you make with GitHub Actions. The post Introducing Artifact Attestations–now in public beta appeared first on The GitHub Blog.

Trevor Rosen, 5/2/2024

GitHub is working with the OSS community to bring new supply chain security capabilities to the platform. The post Where does your software (really) come from? appeared first on The GitHub Blog.

Trevor Rosen, 4/30/2024

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts. The post Securing millions of developers through 2FA appeared first on The GitHub Blog.

Mike Hanley, 4/24/2024

Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe. The post How to stay safe from repo-jacking appeared first on The GitHub Blog.

Kevin Backhouse, 2/21/2024

Make quick work of alerts with preset and custom rules. The post Introducing auto-triage rules for Dependabot appeared first on The GitHub Blog.

Erin Havens, 9/14/2023

Now, you can group multiple version updates in a single pull request. The post A faster way to manage version updates with Dependabot appeared first on The GitHub Blog.

Eric Tooley, 8/24/2023

Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.

Patrick Knight, 7/24/2023

Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities.

Mark Paulsen, 2/6/2023