Advisory Database: GitHub Actions support
Summary
This release adds support for GitHub Actions as an ecosystem in the Advisory Database and will allow Dependabot to send alerts to users who have vulnerable dependencies in their GitHub Actions workflows.
Intended Outcome
GitHub Actions is used in millions of repositories, and action maintainers need an effective way to alert the users of their actions when they discover security vulnerabilities.
How will it work?
The Advisory Database has a list of known ecosystems. This feature adds GitHub Actions to that list and adds support for its version semantics: a workflow references an action by Git tag or commit SHA (for example `owner/repo@v1.2.3`) rather than by a package-registry version, so advisories and alerts must be matched against those references.
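As an illustration of what the matching described above involves, here is an added example that is not part of this roadmap item or of GitHub's implementation. It extracts `uses:` references from a workflow and checks them against an advisory written in the OSV-style shape (ecosystem string `GitHub Actions`, package name `owner/repo`, `ECOSYSTEM` ranges with `introduced`/`fixed` events); that shape, the `GHSA-EXAMPLE-0001` identifier, the `example-org/example-action` name and the sample workflow are all constructed for the example. It shows the reference forms a checker has to treat differently: full tags can be compared, a major-only tag like `@v2` floats and must be resolved first, a commit SHA needs a tag lookup, and local or container actions have no Advisory Database entry.

```python
"""Added example: match GitHub Actions `uses:` references against advisory ranges."""
import re
from dataclasses import dataclass

# Constructed sample workflow (not from the page).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@v1.2.3   # constructed action name
      - uses: example-org/example-action@v2
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

# Constructed advisory in an OSV-style shape (assumption about the export format;
# the ID and action name are placeholders, not a real vulnerability).
SAMPLE_ADVISORIES = [
    {
        "id": "GHSA-EXAMPLE-0001",
        "affected": [
            {
                "package": {"ecosystem": "GitHub Actions",
                            "name": "example-org/example-action"},
                "ranges": [
                    {"type": "ECOSYSTEM",
                     "events": [{"introduced": "1.0.0"}, {"fixed": "1.3.0"}]}
                ],
            }
        ],
    }
]

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TAG_RE = re.compile(r"^v?(\d+(?:\.\d+)*)$")


@dataclass
class ActionRef:
    name: str  # owner/repo, with any subdirectory path stripped
    ref: str   # tag, branch or commit SHA after the '@'


def parse_uses(workflow_text):
    """Collect remote action references; skip local (./) and docker:// actions."""
    refs = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./") or target.startswith("docker://") or "@" not in target:
            continue
        path, ref = target.rsplit("@", 1)
        refs.append(ActionRef("/".join(path.split("/")[:2]), ref))
    return refs


def parse_version(tag):
    """'v1.2.3' -> (1, 2, 3); returns None for branch names and SHAs."""
    m = TAG_RE.match(tag)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def cmp_versions(a, b):
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def in_range(version, events):
    """OSV semantics: affected from 'introduced' (inclusive) until 'fixed' (exclusive)."""
    affected = False
    for ev in events:  # events are listed in version order
        if "introduced" in ev and cmp_versions(version, parse_version(ev["introduced"])) >= 0:
            affected = True
        elif "fixed" in ev and cmp_versions(version, parse_version(ev["fixed"])) >= 0:
            affected = False
    return affected


def check_workflow(workflow_text, advisories):
    """Return (ActionRef, advisory id, status) for each reference an advisory covers.
    status: 'affected', 'ok', 'floating-tag' (major-only tag, resolve it first),
    'unresolved-sha' (needs a SHA->tag lookup) or 'unresolved-ref' (branch name)."""
    results = []
    for ref in parse_uses(workflow_text):
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = aff["package"]
                if pkg["ecosystem"] != "GitHub Actions" or pkg["name"] != ref.name:
                    continue
                if SHA_RE.match(ref.ref):
                    results.append((ref, adv["id"], "unresolved-sha"))
                    continue
                version = parse_version(ref.ref)
                if version is None:
                    results.append((ref, adv["id"], "unresolved-ref"))
                elif len(version) == 1:
                    results.append((ref, adv["id"], "floating-tag"))
                else:
                    hit = any(in_range(version, r["events"]) for r in aff["ranges"])
                    results.append((ref, adv["id"], "affected" if hit else "ok"))
    return results


if __name__ == "__main__":
    for ref, adv_id, status in check_workflow(SAMPLE_WORKFLOW, SAMPLE_ADVISORIES):
        print(f"{ref.name}@{ref.ref}: {adv_id} -> {status}")
```

The floating-tag and SHA cases are the reason pinning alone does not settle the question: a SHA-pinned reference is only as safe as the commit it points to, and a major-only tag can move to a fixed or a vulnerable release after the workflow was written, so a real checker resolves both against the action repository before comparing.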
🚢 This has shipped: https://github.blog/changelog/2022-08-09-advisory-database-supports-github-actions-advisories/
Reopening to track for GHES 3.7 release!
This went out with the GHES 3.7 release: https://docs.github.com/en/enterprise-server@3.7/admin/release-notes