Extend your dependency information in the GitHub Dependency Graph with new GitHub Actions
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
In today’s interconnected development environment, a single vulnerability in any component of the supply chain poses a threat. Find out how GitHub’s security alerts, code scanning, secret scanning, and dependency management features can help you avoid supply chain security issues. You can also check out our documentation to learn more about supply chain security on GitHub.
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities
The Rust community can now discover, report, and prevent security vulnerabilities.
These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
The new dependency review action and API prevents the introduction of known supply chain vulnerabilities into your code.
We want to take away the pain and effort of keeping your code secure, so check out how Dependabot empowers developers to keep to their projects secure.
Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We’ve seen bad actors expand their focus to taking over user…
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.