- New Content: Managing dependency threats - Published a comprehensive guide for defending against supply chain attacks and managing dependency risks, covering layered defenses from lockfiles and dependency review to attestation verification and package confusion mitigation
- New Content: Expanding Enterprise Custom Agents context - Published architecture guidance for extending GitHub Copilot custom agents with enterprise knowledge, including strategies for context enrichment, secure integration patterns, and scaling agent capabilities across the organization
- New Content: Implementing polyrepo engineering - Published a design guide for coordinating engineering across multiple repositories, including manifest-driven integration, change set management, reusable workflow versioning, and release governance patterns
- Update: NIST SSDF implementation - Expanded the NIST Secure Software Development Framework scenario with updated guidance on security configurations, repository rulesets, and practical implementation steps across all SSDF practice areas
- Update: Securing GitHub Actions workflows - Enhanced the Actions security recommendation with detailed OIDC claims guidance, immutable subject identifiers, repository ruleset examples, and refined best practices for secure workflow patterns
- Update: Application Security design principles - Added a security-by-design approach and developer workspace security considerations to the Application Security pillar's design principles
- Update: Anti-patterns - Added guidance on avoiding PII detection with secret scanning custom patterns, highlighting why repurposing secret scanning for personally identifiable information creates compliance risk and alert fatigue
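
The "Managing dependency threats" entry above lists lockfiles and package-confusion mitigation among the layered defenses. As an added example (not code from the guide itself), the following Python audits an npm `package-lock.json` (lockfileVersion 3 shape) against a policy that combines two of those layers: every dependency must carry an `integrity` hash and a `resolved` URL, and packages in an internal scope must resolve from the internal registry rather than the public one, which is the substitution a dependency-confusion attack relies on. The scope `@acme/`, the registry host `npm.internal.example` and the sample lockfile are constructed for illustration.

```python
import json

INTERNAL_SCOPE = "@acme/"                               # assumed internal npm scope
INTERNAL_REGISTRY = "https://npm.internal.example/"    # assumed internal registry
PUBLIC_REGISTRY = "https://registry.npmjs.org/"


def audit_lockfile(lock: dict) -> list[str]:
    """Return one finding per dependency that violates the lockfile policy."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":                       # the root project entry, not a dependency
            continue
        # "node_modules/@acme/auth" -> "@acme/auth"; nested installs keep the last segment
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = entry.get("resolved", "")
        if not entry.get("integrity"):
            findings.append(f"{name}: missing integrity hash")
        if not resolved:
            findings.append(f"{name}: missing resolved URL")
        elif name.startswith(INTERNAL_SCOPE) and not resolved.startswith(INTERNAL_REGISTRY):
            # An internal package fetched from the public registry is the
            # classic dependency-confusion signature.
            findings.append(
                f"{name}: internal package resolved from {resolved} (possible dependency confusion)"
            )
        elif not resolved.startswith((INTERNAL_REGISTRY, PUBLIC_REGISTRY)):
            findings.append(f"{name}: resolved from unexpected host {resolved}")
    return findings


# Constructed sample lockfile; integrity values are placeholders, not real digests.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/left-pad": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-CONSTRUCTED_PLACEHOLDER"
    },
    "node_modules/lodash": {
      "version": "4.17.21",
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
    },
    "node_modules/@acme/logging": {
      "version": "2.1.0",
      "resolved": "https://npm.internal.example/@acme/logging/-/logging-2.1.0.tgz",
      "integrity": "sha512-CONSTRUCTED_PLACEHOLDER"
    },
    "node_modules/@acme/auth": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/@acme/auth/-/auth-3.0.1.tgz",
      "integrity": "sha512-CONSTRUCTED_PLACEHOLDER"
    }
  }
}
""")

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print(finding)
```

Run against the constructed lockfile, the audit reports `lodash` for the missing integrity hash and `@acme/auth` for resolving from the public registry; the other two entries pass. A check like this belongs in CI next to the dependency-review step so a lockfile change that drops a hash or redirects an internal package fails the build rather than landing silently.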
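
The "Securing GitHub Actions workflows" entry above mentions OIDC claims guidance and immutable subject identifiers. As an added example (not code from the recommendation itself), the Python below contrasts a trust check that binds only to the mutable `repository` name with one that pins the immutable `repository_id` and `repository_owner_id` claims plus the branch and workflow reference. Token signature, `aud` and `exp` validation are assumed to have been performed by the JWT library before this step; the numeric IDs, the repository `acme/deploy` and both claim sets are constructed for illustration. Note that the `sub` claim is identical in both constructed tokens, so a subject condition built from names alone cannot tell them apart.

```python
ISSUER = "https://token.actions.githubusercontent.com"

# Trust policy for the hypothetical repository acme/deploy. The IDs are assumed
# values; in practice they are read once from the GitHub API and pinned.
POLICY = {
    "repository_owner_id": "4181123",
    "repository_id": "583231019",
    "ref": "refs/heads/main",
    "job_workflow_ref": "acme/deploy/.github/workflows/release.yml@refs/heads/main",
}


def check_by_name(claims: dict, repo_full_name: str) -> list[str]:
    """Weak check: binds the trust decision only to the mutable repository name."""
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("iss: unexpected issuer")
    if claims.get("repository") != repo_full_name:
        problems.append("repository: name mismatch")
    return problems


def check_by_identity(claims: dict, policy: dict) -> list[str]:
    """Hardened check: immutable owner/repo IDs plus ref and workflow pinning."""
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("iss: unexpected issuer")
    for key, expected in policy.items():
        actual = claims.get(key)
        if actual != expected:
            problems.append(f"{key}: expected {expected!r}, got {actual!r}")
    return problems


# Constructed claim sets: the fields of a decoded token body relevant here.
GENUINE = {
    "iss": ISSUER,
    "sub": "repo:acme/deploy:ref:refs/heads/main",
    "repository": "acme/deploy",
    "repository_id": "583231019",
    "repository_owner": "acme",
    "repository_owner_id": "4181123",
    "ref": "refs/heads/main",
    "job_workflow_ref": "acme/deploy/.github/workflows/release.yml@refs/heads/main",
}

# Same human-readable names, different identities: the scenario where the
# original owner or repository was renamed or deleted and the old name was
# re-registered by someone else. Every name-based claim still matches.
IMPOSTOR = dict(GENUINE, repository_id="900000001", repository_owner_id="7700001")

if __name__ == "__main__":
    for label, claims in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(label, "by name:", check_by_name(claims, "acme/deploy") or "accepted")
        print(label, "by identity:", check_by_identity(claims, POLICY) or "accepted")
```

The name-based check accepts both tokens; the identity-based check accepts the genuine token and rejects the impostor on both ID claims. The same principle applies when the relying party is a cloud provider's federation trust policy rather than your own code: condition on the ID-bearing claims (or a customized `sub` that includes them) instead of the repository name alone.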