{"id":137966,"date":"2022-04-11T01:22:53","date_gmt":"2022-04-11T06:22:53","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/04\/github-can-now-alert-of-supply-chain-bugs-in-new-dependencies"},"modified":"2022-04-11T01:22:53","modified_gmt":"2022-04-11T06:22:53","slug":"github-can-now-alert-of-supply-chain-bugs-in-new-dependencies","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/04\/github-can-now-alert-of-supply-chain-bugs-in-new-dependencies","title":{"rendered":"GitHub can now alert of supply-chain bugs in new dependencies"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/github-can-now-alert-of-supply-chain-bugs-in-new-dependencies2.jpg\"><\/a><\/p>\n<p>GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.<\/p>\n<p>This is achieved by adding the new <a href=\"https:\/\/github.com\/marketplace\/actions\/dependency-review\" target=\"_blank\" rel=\"nofollow noopener\">Dependency Review GitHub Action<\/a> to an existing workflow in one of your projects. You can do it through your repository\u2019s Actions tab under Security or straight from the GitHub Marketplace.<\/p>\n<p>It works with the help of an <a href=\"https:\/\/docs.github.com\/en\/rest\/reference\/dependency-graph#dependency-review\" target=\"_blank\" rel=\"nofollow noopener\">API endpoint<\/a> that will help you understand the security impact of dependency changes before adding them to your repository at every pull request.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. This is achieved by adding the new Dependency Review GitHub Action to an existing workflow in one of your projects. You can do it through your repository\u2019s Actions tab under Security or straight from the [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-137966","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/137966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=137966"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/137966\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=137966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=137966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=137966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}