Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations

Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.

The post Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations appeared first on The GitHub Blog.

Securing the open source supply chain: The essential role of CVEs

Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the GitHub Security Lab have helped supply chain security keep pace.

The second half of software supply chain security on GitHub

Learn about a community-developed framework for thinking about this problem holistically, and how to use GitHub in particular to improve security in the second half of your software supply chain.

Configure GitHub Artifact Attestations for secure cloud-native delivery

Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images.
