Topic: software supply chain security

GitHub announces new updates to improve supply chain security

GitHub has released two updates designed to help secure software supply chains. The company announced a public beta of Artifact Attestations for GitHub Actions, which makes it easier for companies to verify where software components came from, and announced that Dependabot can now be run as a GitHub Actions workflow.  Artifact Attestation allows maintainers of … continue reading Protection Status