Share This Post

News/PR

Developers to get security alerts for known vulnerabilities with new GitHub feature

Developers to get security alerts for known vulnerabilities with new GitHub feature

GitHub – one of the largest development platforms, launched a new security feature that has the capability to search project dependencies in JavaScript and Ruby, and alert project owners on finding any known vulnerability.

Earlier in mid-October, GitHub had introduced a Dependency Graph section in the Project’s Insights tab that show a tree-like structure of all the loaded libraries. The new feature is the next step to improve the overall experience of managing and running projects in GitHub.

As soon as a new vulnerability is detected, the user will get notified along with the known fixes to the issue.

This feature is a major step towards ensuring code’s security in the projects running on GitHub. With GitHub now hosting nearly 67 million of repositories and projects that rely on software libraries and software packages that do not get updated frequently, security is major concern.

Developers can keep a check on the security alerts that can be accessed under Insights tab of any project. Users will also get email notifications whenever GitHub updates its database with information about new vulnerability.

Source: GitHub

The security feature will be automatically enabled for the public repositories while for private repositories, owners will need to opt in security alerts in their repository setting or simply by allowing access in the dependency graph section of their repository’s insights tab. The user will get suggestions on recommended updates and for moving to a safer version.

The vulnerabilities disclosed will be those that have CVE IDs – disclosed publicly from the NVD (National Vulnerability Database). However, GitHub plans to improve the vulnerability identification process.

The company also plans to extend support for Dependency Graph and security alerts which is currently enabled on Javascript and Ruby, and will include Python in 2018.

Share This Post

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Skip to toolbar