GitHub Launches Immutable Releases for Enhanced Software Supply Chain Security
By
fastest963
A good honest bake. Not flashy, but you'll finish the whole bagel.
Summary
GitHub has introduced immutable releases as a general availability feature, providing enhanced supply chain security. Once a release is marked as immutable, its assets cannot be added, modified, or deleted, and associated tags are protected from deletion or movement. This prevents tampering with published software artifacts, ensuring that distributed software remains secure and trustworthy for users.
Key quotes
· 4 pulledGitHub releases now support immutability, adding a new layer of supply chain security.
With immutable releases, assets and tags are protected from tampering after publication, so the software you publish—and your users consume—remains secure and trustworthy.
Once you publish a release as immutable, its assets can’t be added, modified, or deleted. This helps protect distributed artifacts from supply chain attacks.
Tags for new immutable releases are protected and can’t be deleted or moved.
You might also wanna read
GitHub Implements Post-Quantum Secure SSH Key Exchange for Enhanced Git Data Protection
GitHub is introducing post-quantum secure SSH key exchange algorithms (sntrup761x25519-sha512) to enhance security for Git data access. This
GitHub·8mo ago
GitLab 19.0 launches with Secrets Manager, agentic workflows, and self-hosted AI models
GitLab 19.0 has been released, positioning itself as an intelligent orchestration platform for DevSecOps. The release includes expanded secr
bit.ly·23h ago