GitHub now warns of security flaws in your project
GitHub is helping to ensure your project is secure by alerting developers if a vulnerability is detected.
The company says over 745 percent of projects hosted on the platform use dependencies, and that opens them up to inherent vulnerabilities.
Last month, GitHub launched its ‘dependency graph’ feature to help keep track of those your code depends on. This month, it’s about checking those dependencies are secure.
With the dependency graph feature active, GitHub will notify developers if a vulnerability is detected and will even suggest known fixes supplied by the community. If a safe version exists, GitHub says it will “select one using machine learning and publicly available data, and include it in our suggestion.”
Public repositories automatically have the dependency graph and new security alert features enabled. Private ones, however, will need to opt-in by heading to the Dependency Graph section of the Insights tab.
Since GitHub promotes collaboration on projects, admins can add other teams or individuals they wish to receive security alerts within the settings.
GitHub says it will highlight all vulnerabilities with CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) but, as not all do, it will continue to improve its abilities to identify others as their security data grows.
Are you glad to see GitHub offering vulnerability warnings? Let us know in the comments.
- » Apple launches accelerator in China to boost app design and development
- » Huawei founder provides more details about HongMeng OS
- » Project Catalyst: Apple explains how porting iPad apps to macOS works
- » Mobile becoming increasingly unpopular with UK game studios, study finds
- » Intel launches new C++-based language as part of One API plans