#supply chain security
Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.
More from this topic
When the community shares matching finds, they will appear here. For now, browse all loot or submit the first drop.
Related reads
Audit Dependabot alert exports before GitHub moves old closed alerts out of the API
GitHub will move closed Dependabot security alerts older than two years into archival storage on August 25, 2026, changing how security team…
GitHub Adds License Compliance Checks Before Merge
GitHub has put open source license compliance into public preview, giving Enterprise Cloud teams ruleset-based checks that can block pull re…
Fix Dependabot npm registry scope before private package updates drift
GitHub changed how Dependabot handles npm registry configuration: teams can now make dependabot.yml the authoritative source for scoped npm …
Find Docker Content Trust before Notary v1 shuts down
Docker is retiring Docker Content Trust and the notary.docker.io Notary v1 service, with brownouts before the December 8, 2026 shutdown. Tea…
Stop cache poisoning in GitHub Actions with read-only untrusted triggers
GitHub Actions now gives read-only cache tokens to low-trust default-branch workflow triggers, reducing cache-poisoning paths from pull_requ…
Protect npm releases: high-impact accounts now get a 72-hour safety pause
GitHub has added a preventive 72-hour read-only state for high-impact npm accounts after sensitive account changes, closing a common supply-…
Harden GitHub Repos Now That Secret Scanning Blocks More Token Leaks
GitHub expanded secret scanning in June 2026 with new partner detectors, wider default push protection, validity checks, and richer leak met…
Homebrew 6.0.0 Adds Tap Trust, Linux Sandboxing, and Faster Metadata
Homebrew 6.0.0 adds explicit trust for third-party taps, makes the internal JSON API the default, introduces Linux sandboxing, and improves …
npm v12 will make install scripts and remote sources opt-in
GitHub says npm v12 will change install defaults in July 2026: dependency install scripts, Git dependencies, and remote URL dependencies wil…
npm staged publishing adds a human approval gate for package releases
npm CLI 11.15.0 adds generally available staged publishing plus explicit install-source controls, giving maintainers a safer release path fo…