GitHub now warns of security flaws in your project

GitHub now warns of security flaws in your project Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (

GitHub is helping to ensure your project is secure by alerting developers if a vulnerability is detected.

The company says over 745 percent of projects hosted on the platform use dependencies, and that opens them up to inherent vulnerabilities.

Last month, GitHub launched its ‘dependency graph’ feature to help keep track of those your code depends on. This month, it’s about checking those dependencies are secure.

With the dependency graph feature active, GitHub will notify developers if a vulnerability is detected and will even suggest known fixes supplied by the community. If a safe version exists, GitHub says it will “select one using machine learning and publicly available data, and include it in our suggestion.”

Public repositories automatically have the dependency graph and new security alert features enabled. Private ones, however, will need to opt-in by heading to the Dependency Graph section of the Insights tab.

Since GitHub promotes collaboration on projects, admins can add other teams or individuals they wish to receive security alerts within the settings.

GitHub says it will highlight all vulnerabilities with CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) but, as not all do, it will continue to improve its abilities to identify others as their security data grows.

“This is the next step in using the world’s largest collection of open source data to help you keep code safer and do your best work,” says Miju Han, Director of Product at GitHub. “The dependency graph and security alerts currently support Javascript and Ruby—with Python support coming in 2018.”

Are you glad to see GitHub offering vulnerability warnings? Let us know in the comments.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *