Achieving SLSA 3 Compliance with GitHub Actions and Sigstore for Go modules
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
April 7, 2022
Posts by
Learn how to build packages with SLSA 3 provenance using GitHub Actions.
We’re excited to announce the V4 release of the OpenSSF’s Scorecard project in partnership with Google.
Today, we’re happy to announce more than 15 new integrations with open source security tools that broaden our language coverage to include PHP, Swift, Kotlin, Ruby, and more.
Last week we launched code scanning out of beta and have since announced integrations with static analysis and developer security training solutions. By expanding our GitHub security ecosystem, developers can use their tools of choice for any of their projects on GitHub, all within the native GitHub experience they love. Our integrations tightly couple the […]
Last week, we launched code scanning for all open source and enterprise developers, and we promised we’d share more on our extensibility capabilities and the GitHub security ecosystem. Today, we’re happy to introduce 10 new third-party tools available with GitHub code scanning. These open source projects and static application security testing (SAST) solutions bring a […]
In this post, hear from @stevemar, a Senior Technical Staff Member at IBM, about a new GitHub Starter Workflow for developers deploying containerized applications to IBM Cloud Kubernetes Service. Here at IBM, we’re one of GitHub’s top users, with hundreds of orgs and thousands of commits per day. We’re such big fans that we wanted […]