Security

Access control, vulnerability management, and security fundamentals that actually matter for your codebase.

Open-source

🏪 The one where GitHub becomes an App Store - Issue #23

Apr 19, 2026

•

2 min read

🏪 The one where GitHub becomes an App Store - Issue #23

GitHub fixed the SBOM timeout nobody talks about, gh skill shipped with a warning I think you should read, and I gave a talk in Chile that reminded me why I do this.

Andrea Griffiths

Open-source

🔐 The One Where Your Credentials Stop Living in .env - Issue #22

Apr 13, 2026

•

5 min read

🔐 The One Where Your Credentials Stop Living in .env - Issue #22

Code scanning batch fixes + npm trusted publishing on CircleCI — and a question about management I can't stop thinking about.

Andrea Griffiths

Security

🏠 Main Branch: The One Where Your PR Inbox Got Fixed - Issue #21

Apr 6, 2026

•

5 min read

🏠 Main Branch: The One Where Your PR Inbox Got Fixed - Issue #21

GitHub rebuilt github.com/pulls from scratch, Actions drops the service container workarounds, and Simon Willison on why your experience is the whole point

Andrea Griffiths

Security

The One Where We Slow Down and Read the Fine Print 🔍 -Issue #20

Mar 28, 2026

•

4 min read

The One Where We Slow Down and Read the Fine Print 🔍 -Issue #20

GitHub is using your Copilot data to train AI starting April 24. Here's how to opt out, plus 28 new secret scanning detectors and a very good old dog.

Andrea Griffiths

Security

🔄 The One Where Your Hooks Update Themselves - Issue #18

Mar 16, 2026

•

4 min read

🔄 The One Where Your Hooks Update Themselves - Issue #18

Dependabot goes GA on pre-commit, OIDC tokens get smarter, and Bill Perkins argues for spending your healthiest years wisely

Andrea Griffiths

Open-source

🗂️ The One Where GitHub Finally Remembered Where It Put Everything - Issue #17

Mar 9, 2026

•

5 min read

🗂️ The One Where GitHub Finally Remembered Where It Put Everything - Issue #17

Repository Dashboard, required reviewers, and Projects hierarchy. The features you didn't know you were waiting for.

Andrea Griffiths

Security

Jan 12, 2026

•

4 min read

🥷🏽 Main Branch: The One Where Security Is Free - Issue #9

Five ecosystems in one week. CodeQL in three clicks. Your repo is probably missing both.

Andrea Griffiths

Security

🔐 Main Branch: The One Where Actions got Hardened - Issue #2

Nov 24, 2025

•

3 min read

🔐 Main Branch: The One Where Actions got Hardened - Issue #2

OIDC tokens got smarter and pull_request_target gets locked down

Andrea Griffiths

Security

🏪 The one where GitHub becomes an App Store - Issue #23

🔐 The One Where Your Credentials Stop Living in .env - Issue #22

🏠 Main Branch: The One Where Your PR Inbox Got Fixed - Issue #21

The One Where We Slow Down and Read the Fine Print 🔍 -Issue #20

🔄 The One Where Your Hooks Update Themselves - Issue #18

🗂️ The One Where GitHub Finally Remembered Where It Put Everything - Issue #17

🥷🏽 Main Branch: The One Where Security Is Free - Issue #9

🔐 Main Branch: The One Where Actions got Hardened - Issue #2

mainbranch