InfoWorld

What’s new at GitHub: dependency management, security alerts

With the dependency graph service, GitHub will use its own data to build a dependency graph that gives developers insight into both projects their code depends on and the projects that depend on their ...
KXAN

NowSecure Integrates with GitHub Dependabot for Developer-First Mobile Software Supply-Chain Security

NowSecure dynamically generates mobile Software Bill of Materials (SBOMs) into GitHub Dependency Graph to help developers ensure they are using latest, safe versions of software component libraries.
Bleeping Computer

GitHub can now alert of supply-chain bugs in new dependencies

GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. This is achieved by adding the new Dependency Review GitHub Action ...
InfoQ

GitHub Adds Dependabot Automated Security PRs and More Security-Related Features

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
CSOonline

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...
InfoWorld

What’s new at GitHub: dependency management, security alerts

The graph also will be annotated with additional information for security and license and operational risks. Where to get the GutHub dependence graph service The dependency graph is available now on ...