Justin Hutchings
Director of Product Management for supply chain security. I manage the team that's behind Dependabot, the Advisory Database, and the dependency graph. Twitter: https://twitter.com/jhutchings0
Yarn now supports security alerts for public and private repositories.
GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json
and package-lock.json
manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock
manifests.
Learn more about security alerts
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world.
Announcing the second cohort, delivering value to projects, and driving a new frontier.
The world of Copilot is getting bigger, improving the developer experience by keeping developers in the flow longer and allowing them to do more in natural language.