Justin Hutchings

Posts by this author

Supply chain securityThe importance of improving supply chain security in open source

We think a lot about a high-profile supply chain attack that might cause developers, teams, and organizations to lose trust in open source. That’s why we’re investing in new ways to protect the open source ecosystem.

Justin Hutchings·November 9, 2022

• Supply chain security

  

  New request for comments on improving npm security with Sigstore is now open

  Supply chain attacks exploit our implicit trust of open source to hurt developers and our customers. Read our proposal for how npm will significantly reduce supply chain attacks by signing packages with Sigstore.Justin Hutchings·August 8, 2022

  Learn more
• Supply chain security

  

  Best practices to keep your projects secure on GitHub

  These days software is subject to an ever-changing threat landscape. Check out the many ways you can keep your projects secure on GitHub today.Justin Hutchings·April 28, 2022

  Learn more
• Product

  

  Dependency graph now supports GitHub Actions

  The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!Justin Hutchings·January 31, 2022

  Learn more
• Supply chain security

  

  Safeguard your containers with new container signing capability in GitHub Actions

  GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.Justin Hutchings·December 6, 2021

  Learn more
• Secure software development

  

  Introducing new ways to keep your code secure

  It’s more important than ever that every developer becomes a security developer—that they responsibly disclose vulnerabilities and patch vulnerable code quickly. Today, we’re excited to announce several new security features designed to make it easier for developers to secure their code.Justin Hutchings·May 23, 2019

  Learn more