Dependabot ❤️s private dependencies
Dependabot’s mission is to keep all of your dependencies free of vulnerabilities and up-to-date, but until now, it hasn’t been able to update all of your private dependencies. That meant…
Home / Security / Supply chain security / Page 3
Supply chain security
Explore guides and articles aimed at helping explain the complex and critical aspects of securing the software supply chain. In today’s interconnected development environment, a single vulnerability in any component of the supply chain can compromise an entire application. Get insights and tips on identifying, managing, and mitigating risks associated with third-party dependencies, libraries, and tools integrated into your projects. Learn about best practices for maintaining the integrity of the software supply chain, including dependency management, vulnerability scanning, and implementing secure procurement policies. Find out how GitHub’s security alerts, code scanning, secret scanning, and dependency management features can help you avoid supply chain security issues. You can also check out our documentation to learn more about supply chain security on GitHub.
Avoiding npm substitution attacks
Supply chain attacks are a reality in modern software development. Thankfully, you can reduce the attack surface by taking precautions and being thoughtful about how you manage your dependencies. We…
Secure at every step: What is software supply chain security and why does it matter?
The most important way to protect supply chain threats? Scan code for security vulnerabilities, learn how to find vulnerabilities in code, and quickly patch them with dynamic code analysis tools.
Secure at every step: Show your dependencies some love with updates
Keep dependencies up to date, to make sure you can quickly apply a patch when it really matters – when there’s a critical security vulnerability.
Securing your open source dependencies with GitHub dependency insights
GitHub dependency insights helps both developers and security teams manage their open source security with confidence—automatically compiling relevant CVE information, aiding in OSS license compliance, and helping them better understand their OSS dependency versions.
Security vulnerability alerts for Python
If you use Python, we can now alert you whenever you depend on vulnerable packages.
Vulnerability announced: update your Git clients
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows…
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
GitHub Universe 2024
Get tickets to the 10th anniversary of our global developer event on AI, DevEx, and security.