Critical AWS supply chain vulnerability could have let hackers take over key GitHub repositories

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild service exposed several AWS-managed GitHub repositories to ...
InfoQ

GitHub Enables Dependabot via GitHub Actions, Improves Supply Chain Security

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. This article dives into the happens-before ...
Dark Reading

GitHub: How Code Provenance Can Prevent Supply Chain Attacks

GARTNER SECURITY & RISK MANAGEMENT SUMMIT — Washington, DC — Having awareness and provenance of where the code you use comes from can be a boon to prevent supply chain attacks, according to GitHub's ...
FinanceFeeds

Crypto Dev Activity: Why GitHub Metrics Matter for Long-Term Value

Developer activity on GitHub is emerging as a critical fundamental metric in crypto, offering insight into a project’s ...
Bleeping Computer

Millions of GitHub repos likely vulnerable to RepoJacking, researchers say

Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of ...
CSOonline

GitHub Actions typosquatting: A high-impact supply chain attack-in-waiting

Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply chain implications, researchers have ...
TechCrunch

GitHub to require 2FA for all contributors starting from March 13

GitHub is set to require two-factor authentication (2FA) for all developers who contribute code to any project on the platform, a move designed to bolster the software supply chain. Now, GitHub has ...