… May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security May.19 Retired Removal of code scanning upload field from …
… Partial matches still pose privacy and security risks. Write down or screenshot the URLs of profiles you find . You'll need these when requesting removal. Repeat this process on other major data broker sites — each maintains separate databases and requires individual opt-out requests. …
… Bringing expanded security coverage into pull requests Pull requests are where developers already review and approve changes, making them the most effective place to surface security risks early. …
… Claude Code Security Review Guan originally found the flaw in Claude Code Security Review. This is Anthropic's GitHub Action that uses Claude to analyze code changes and pull requests for vulnerabilities and other security issues. …
We had a situation this week where someone from another department scheduled time with IT because they wanted us to “move their app into production.” At first I assumed it was a normal internal tool request. Nope. They h…
As a maintainer, this is Cilium's take on how we secure our Github Actions in the OSS project. A few highlights: SHA pinning every GitHub Action Separating trusted vs untrusted code paths in pull_request_target Isolating…
A lot of “software supply chain security” discussions stay pretty abstract, this is Cilium's take on how we secure our Github Actions in the OSS project. A few highlights: SHA pinning every GitHub Action Separating trust…
June 10, 2025. Anton Carniaux, Microsoft France's director of public and legal affairs. French Senate inquiry into public procurement and digital sovereignty. Senators asked him point-blank whether he could guarantee tha…
**UPDATE** I have went through tediously and re-checked everything including fixing some mistakes that were still left in version 1. I went over everything and all the feedback recieved, the second edition includes both …
… Code Review will do a lot more of that, at greater expense. "Code Review analyzes your GitHub pull requests and posts findings as inline comments on the lines of code where it found issues," the company explains in its documentation . …
… May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security May.19 Retired Removal of code scanning upload field from …
… An employee who needs a tool today and faces a six-week security review will find a workaround within days. The goal of this step is to remove that friction. Most AI tool requests do not warrant a full procurement review. …
… May.12 Improvement CodeQL 2.25.4 adds Swift 6.3.1 support, improvements to C and Java, and more application security May.08 Improvement CodeQL 2.25.3 adds Swift 6.3 support application security May.05 Release Secret scanning with GitHub MCP Server is now generally available application security May…
… May.19 Retired Upcoming deprecation of Python 3.9 for Dependabot supply chain security May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application se…
… Automated security monitoring: As agent-driven software engineering scales, human review alone is unlikely to keep pace. Consider deploying dedicated security-focused agents to monitor and audit AI-generated pull requests, flagging suspicious patterns before they reach human reviewers. …
