Topic

#supply chain security

Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.

#supply chain security
Loot

More from this topic

Explore all loot
No loot for #supply chain security yet

When the community shares matching finds, they will appear here. For now, browse all loot or submit the first drop.

Blog

Related reads

Browse blog
Tools & Apps

Audit Dependabot alert exports before GitHub moves old closed alerts out of the API

GitHub will move closed Dependabot security alerts older than two years into archival storage on August 25, 2026, changing how security team

Tools & Apps

GitHub Adds License Compliance Checks Before Merge

GitHub has put open source license compliance into public preview, giving Enterprise Cloud teams ruleset-based checks that can block pull re

Tools & Apps

Fix Dependabot npm registry scope before private package updates drift

GitHub changed how Dependabot handles npm registry configuration: teams can now make dependabot.yml the authoritative source for scoped npm

Tools & Apps

Find Docker Content Trust before Notary v1 shuts down

Docker is retiring Docker Content Trust and the notary.docker.io Notary v1 service, with brownouts before the December 8, 2026 shutdown. Tea

Tools & Apps

Stop cache poisoning in GitHub Actions with read-only untrusted triggers

GitHub Actions now gives read-only cache tokens to low-trust default-branch workflow triggers, reducing cache-poisoning paths from pull_requ

Tools & Apps

Protect npm releases: high-impact accounts now get a 72-hour safety pause

GitHub has added a preventive 72-hour read-only state for high-impact npm accounts after sensitive account changes, closing a common supply-

Tools & Apps

Harden GitHub Repos Now That Secret Scanning Blocks More Token Leaks

GitHub expanded secret scanning in June 2026 with new partner detectors, wider default push protection, validity checks, and richer leak met

Tools & Apps

Homebrew 6.0.0 Adds Tap Trust, Linux Sandboxing, and Faster Metadata

Homebrew 6.0.0 adds explicit trust for third-party taps, makes the internal JSON API the default, introduces Linux sandboxing, and improves

Tools & Apps

npm v12 will make install scripts and remote sources opt-in

GitHub says npm v12 will change install defaults in July 2026: dependency install scripts, Git dependencies, and remote URL dependencies wil

Tools & Apps

npm staged publishing adds a human approval gate for package releases

npm CLI 11.15.0 adds generally available staged publishing plus explicit install-source controls, giving maintainers a safer release path fo