[Product, Security] Introducing auto-triage rules for Dependabot. Make quick work of alerts with preset and custom rules. Since the May beta release of our GitHub-curated Dependabot policies that detect and close false positive alerts, over 250k repositories have manually opted in, with an average improvement of over 1 in 10 alerts. The impact so far: auto-dismissal of millions of alerts that would have
[Security] Security alert: social engineering campaign targets technology industry employees. GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor. GitHub has
[Open Source, Security] Why we’re excited about the Sigstore general availability. The Sigstore GA means you can protect your software supply chain today with GitHub Actions, and will power new npm security capabilities in the near future. Sigstore is a powerful new technology for signing, verifying, and protecting software supply chains, and we’re very excited by today’s general availability announcemen
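This article introduces dependency-cruiser-report-action, a custom action for GitHub Actions created by the author. In JavaScript / TypeScript programs, code can be split into modules with export and loaded with import (require), but once something is exposed with export, it can be loaded from anywhere in the project. When imports multiply without discipline and the dependencies become complex, the modules become tightly coupled. This leads to a vicious cycle in which one small change develops into a large-scale failure and the lead time to release a change keeps growing. To keep maintaining a product safely, you have to confront this "dependency". Approaches for confronting it include using conventions provided by a framework, SOLID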
[Product, Security] GitHub Advisory Database now powers npm audit. Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database. Supply chain security is one of the most important parts of software development today, and we want to
GitHub Actions: Setup-node supports dependency caching for projects with monorepo and pnpm package manager (actions, September 7, 2021). You can now use setup-node action to cache dependencies for projects with monorepo and pnpm package manager. Use the optional cache-dependency-path field to specify the path to dependency file(s).

    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-node@v2
      with:
[Product] The npm registry is deprecating TLS 1.0 and TLS 1.1. Beginning October 4, 2021, all connections to npm websites and the npm registry, including for package installation, must use TLS 1.2 or higher. GitHub is committed to ensuring the security of our se
Publishing an original JavaScript library! Rather than how to build a library, this explains the actual publishing steps and CI/CD. [Technologies] ・ JavaScript ・ Node.js ・ npm/yarn ・ Mocha ・ Chai ・ Git/GitHub ・ GitHub Actions