CoFeed

GitHub

Securing the open source supply chain: The essential role of CVEs

Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have h...

GitHub

The second half of software supply chain security on GitHub

Learn about a community-developed framework for how to think about this problem holistically and how to use GitHub, particularly, to improve...

GitHub

Configure GitHub Artifact Attestations for secure cloud-native delivery

Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images....

GitHub

Dependabot on GitHub Actions and self-hosted runners is now generally available

A quick guide on the advantages of Dependabot as a GitHub Actions workflow and the benefits this unlocks, including self-hosted runner suppo...

GitHub

Introducing Artifact Attestations–now in public beta

Generate and verify signed attestations for anything you make with GitHub Actions.

GitHub

Where does your software (really) come from?

GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.

GitHub

Securing millions of developers through 2FA

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure.

GitHub

How to stay safe from repo-jacking

Repo-jacking is a specific type of supply chain attack.

GitHub

Introducing auto-triage rules for Dependabot

Make quick work of alerts with preset and custom rules.

GitHub

A faster way to manage version updates with Dependabot

Now, you can group multiple version updates in a single pull request.

GitHub

GitHub Repository Rules are now generally available

Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories.

GitHub

How to mitigate OWASP vulnerabilities while staying in the flow