GitHub now sends Dependabot alerts for vulnerable Actions

GitHub has announced that it will begin sending Dependabot alerts when it detects vulnerable GitHub Actions.

GitHub Actions makes it easy for developers to automate their workflows. Dependabot, meanwhile, automatically updates dependencies to keep your projects secure.

When an Action vulnerability is discovered, GitHub’s team of security researchers will create an advisory to document it. Following the creation of an advisory, Dependabot alerts will be sent to impacted...

11 August 2022 | Git

GitHub expands CLI functionality to bring Actions to your terminal

GitHub is expanding the functionality of its CLI (Command-Line Interface) tool to bring Actions to your terminal.

The first stable version of GitHub CLI launched in September last year with the aim of enabling developers to keep their repo workflows in their terminal.

“Developers spend a lot of time in their terminals, and our CLI helps to mitigate the frequent context switching between your terminal and GitHub.com,” Amanda Pinsker, Product Designer at GitHub, said...

16 April 2021 | Development Tools