Extend your dependency information in the GitHub Dependency Graph with new GitHub Actions
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
Achieving SLSA 3 Compliance with GitHub Actions and Sigstore for Go modules
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
15+ new code scanning integrations with open source security tools
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
Announcing third-party code scanning tools: infrastructure as code and container scanning
Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can…
Announcing third-party code scanning tools: static analysis & developer security training
Last week, we launched code scanning for all open source and enterprise developers, and we promised we’d share more on our extensibility capabilities and the GitHub security ecosystem. Today, we’re…
Using GitHub Actions to deploy applications to IBM Cloud Kubernetes Service
In this post, hear from @stevemar, a Senior Technical Staff Member at IBM, about a new GitHub Starter Workflow for developers deploying containerized applications to IBM Cloud Kubernetes Service. Here…