GitHub now warns of security flaws in your project

GitHub is helping to ensure your project is secure by alerting developers if a vulnerability is detected.

The company says over 745 percent of projects hosted on the platform use dependencies, and that opens them up to inherent vulnerabilities.

Last month, GitHub launched its ‘dependency graph’ feature to help keep track of those your code depends on. This month, it’s about checking those dependencies are secure.

With the dependency graph feature active, GitHub will notify developers if a vulnerability is detected and will even suggest known fixes supplied by the community. If a safe version exists, GitHub says it will “select one using machine learning and publicly available data, and include it in our suggestion.”

Public repositories automatically have the dependency graph and new security alert features enabled. Private ones, however, will need to opt-in by heading to the Dependency Graph section of the Insights tab.

Since GitHub promotes collaboration on projects, admins can add other teams or individuals they wish to receive security alerts within the settings.

GitHub says it will highlight all vulnerabilities with CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) but, as not all do, it will continue to improve its abilities to identify others as their security data grows.

“This is the next step in using the world’s largest collection of open source data to help you keep code safer and do your best work,” says Miju Han, Director of Product at GitHub. “The dependency graph and security alerts currently support Javascript and Ruby—with Python support coming in 2018.”

Are you glad to see GitHub offering vulnerability warnings? Let us know in the comments.

Related Post

Rojenx is a leading concept artist who work appears in games and publications

Check out his personal gallery here

In other news …