diff --git a/content/library/overview/release-notes/2026-q1.md b/content/library/overview/release-notes/2026-q1.md new file mode 100644 index 0000000..db0532f --- /dev/null +++ b/content/library/overview/release-notes/2026-q1.md @@ -0,0 +1,11 @@ + + +## 2026 Q1 + +- **New Content: Managing dependency threats** - Published a comprehensive guide for defending against supply chain attacks and managing dependency risks, covering layered defenses from lockfiles and dependency review to attestation verification and package confusion mitigation +- **New Content: Expanding Enterprise Custom Agents context** - Published architecture guidance for extending GitHub Copilot custom agents with enterprise knowledge, including strategies for context enrichment, secure integration patterns, and scaling agent capabilities across the organization +- **New Content: Implementing polyrepo engineering** - Published a design guide for coordinating engineering across multiple repositories, including manifest-driven integration, change set management, reusable workflow versioning, and release governance patterns +- **Update: NIST SSDF implementation** - Expanded the NIST Secure Software Development Framework scenario with updated guidance on security configurations, repository rulesets, and practical implementation steps across all SSDF practice areas +- **Update: Securing GitHub Actions workflows** - Enhanced the Actions security recommendation with detailed OIDC claims guidance, immutable subject identifiers, repository ruleset examples, and refined best practices for secure workflow patterns +- **Update: Application Security design principles** - Added a security-by-design approach and developer workspace security considerations to the Application Security pillar's design principles +- **Update: Anti-patterns** - Added guidance on avoiding PII detection with secret scanning custom patterns, highlighting why repurposing secret scanning for personally identifiable information creates compliance risk and alert fatigue diff --git a/docs/contributors-montage.png b/docs/contributors-montage.png index 6e9f0a7..e3f469b 100644 Binary files a/docs/contributors-montage.png and b/docs/contributors-montage.png differ diff --git a/docs/contributors.md b/docs/contributors.md index c069193..7598e63 100644 --- a/docs/contributors.md +++ b/docs/contributors.md @@ -5,6 +5,6 @@ Thank you to all the amazing people who have contributed to the GitHub Well-Arch ![Contributors Montage](contributors-montage.png) -@KittyChiu @colossus9 @CallMeGreg @collinmcneese @PickHub @btessiau @sdehm @garnertb @kenmuse @igwejk @jennysharps @jackie-mak @igorcosta @arilivigni @steffen @pwideman @dhruvg20 @Copilot @kbridgford @brntbeer @data-douser @ssulei7 @felicitymay @lineville @Jeffrey-Luszcz @Steve-Glass @abhi-dutta @solvaholic @robandpdx @gitstua @parkerbxyz @andrewakim @thomasphorton @victorp13 +@KittyChiu @colossus9 @CallMeGreg @collinmcneese @PickHub @btessiau @sdehm @garnertb @kenmuse @joshjohanning @igwejk @jennysharps @jackie-mak @igorcosta @arilivigni @steffen @pwideman @dhruvg20 @antgrutta @kbridgford @brntbeer @data-douser @ssulei7 @felicitymay @lineville @Jeffrey-Luszcz @Steve-Glass @abhi-dutta @Zenulous @solvaholic @petercort @jc-avella @robandpdx @gitstua @parkerbxyz @andrewakim @thomasphorton @victorp13 @robertpd diff --git a/layouts/shortcodes/seeking-further-assistance-details.html b/layouts/shortcodes/seeking-further-assistance-details.html index 1499905..ef18283 100644 --- a/layouts/shortcodes/seeking-further-assistance-details.html +++ b/layouts/shortcodes/seeking-further-assistance-details.html @@ -15,4 +15,4 @@ ### GitHub Community -Join the [GitHub Community Forum](https://github.com/orgs/community/discussions/) to ask questions, share knowledge, and connect with other GitHub users. It’s a great place to get advice and solutions from experienced users. \ No newline at end of file +Join the [GitHub Community Forum](https://github.com/orgs/community/discussions?discussions_q=label%3A%22GitHub+Well-Architected%22) to ask questions, share knowledge, and connect with other GitHub users. It’s a great place to get advice and solutions from experienced users.