GitHub Changelog
…is in public preview supply chain security May.05 Release Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available application security supply chain security May.05 Retired…
Search
People also ask
Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.
Supply chain security ArchivesSecuring the open source supply chain across GitHub
…Over the past year, a new pattern has emerged in attacks on the open source supply chain. Attackers are focusing on exfiltrating secrets (like API keys) in order to both publish malicious…
Code scanning: Batch apply security alert suggestions on pull requests - GitHub Changelog
…support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security Back to top
Push protection exemptions for roles, teams, and apps - GitHub Changelog
…Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security May.19 Retired Removal of…
Code Quality permissions removed from security manager role - GitHub Changelog
…application security May.05 Release Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available application security supply chain security May.05 Retired Deprecation notice: code_scanning_upload…
Code Security risk assessment available for organizations - GitHub Changelog
…coverage on pull requests is now in public preview application security platform governance May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security Back to top
GitHub Code Quality: Batch apply quality suggestions on pull requests - GitHub Changelog
…application security May.05 Release Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available application security supply chain security May.05 Retired Deprecation notice: code_scanning_upload…
Safer pull_request_target defaults for GitHub Actions checkout - GitHub Changelog
…This pattern is known as a “pwn request,” and it has been the root cause of multiple supply-chain incidents across the ecosystem. For more information, see our blog posts about helping…
The Security tab is now Security & quality - GitHub Changelog
…support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security Back to top
CodeQL pull requests insights on security overview now cover all protected branches - GitHub Changelog
…Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security May.19 Retired Removal of…