Dark Reading

Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

In the latest attack to target software supply chains, attackers managed to slip in malicious code updates to hundreds of GitHub repositories by using stolen passcodes to commit changes and then used ...
InfoQ

GitHub Enables Dependabot via GitHub Actions, Improves Supply Chain Security

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Cory Benfield discusses the evolution of ...
Bleeping Computer

GitHub repos bombarded by info-stealing commits masked as Dependabot

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July ...
SD Times

GitHub’s Dependabot alerts now surface if code calls a vulnerability

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
TechRadar

GitHub is getting better at hunting down your dangerous code

GitHub is making one of its most important tools more useful with a significant update. A company blog postexplains that GitHub has been working behind the scenes to improve Dependabot, an automated ...
InfoWorld

GitHub adds supply chain security tools for Rust language

GitHub’s supply chain security features including the advisory database, Dependabot alerts, and dependency graph are now available for Rust Cargo files. Aiming to help Rust developers discover and ...