… May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security May.12 Retired Synchronous SBOM API deprecated supply chai…
… See you in next year’s review! 🚀 Tags: CVE CVSS CWE Dependabot EPSS GitHub Security Lab malware vulnerability Written by Security Analyst, curator of the GitHub Advisory Database, and one of the members of the Security Lab responsible for issuing CVE IDs and publishing CVE records. …
… Strengthening supply chain security: Preparing for the next malware campaign Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack. …
… Strengthening supply chain security: Preparing for the next malware campaign Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack. …
… What to expect in the coming months In late 2025 the Shai-Hulud attacks motivated a revamped security roadmap for npm, which we talked about in Our plan for a more secure npm supply chain and Strengthening supply chain security: Preparing for the next malware campaign . …
… May.26 Release Dependabot version updates now support the sbt ecosystem supply chain security May.22 Release Staged publishing and new install-time controls for npm supply chain security May.19 Retired Upcoming deprecation of Python 3.9 for Dependabot supply chain security May.19 Improvement Expand…