Bleeping Computer

GitHub can now alert of supply-chain bugs in new dependencies

GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. This is achieved by adding the new Dependency Review GitHub Action ...
Bleeping Computer

Github Will Warn Developers About Vulnerable Dependencies in Their Projects

GitHub — the Internet largest code hosting service — is rolling out a new security feature through which it hopes to reduce the number of vulnerable projects hosted and distributed through its ...
ZDNet

GitHub rolls out dependency review, vulnerability alerts for pull requests

GitHub will roll out dependency review, a security assessment for pull requests, in the coming weeks to developers. SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover ...