GitHub Advisory Database now accepts community contributions

GitHub Advisory Database now accepts community contributions
Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter: @Gadget_Ry

GitHub is opening its Advisory Database to community contributions to help further secure software supply chains.

One vulnerability can have a devastating “domino effect” on software across the globe. With the use of open-source increasing, so does the threat of a vast amount of software being compromised.

GitHub launched its Advisory Database almost two years ago. As the largest database of vulnerabilities in software dependencies in the world, it’s become an invaluable resource.

Until now, the database has been maintained solely by GitHub’s teams of security researchers. However, GitHub believes it can become a more powerful resource with the help of the community.

“There are community members with additional insights and intelligence on CVEs that do not have a place to share this knowledge,” explains GitHub in a blog post.

To that end, GitHub is publishing the full contents of the Advisory Database to a new public repository and launching a user interface for making contributions.

The community is able to contribute by navigating to the advisory they wish to contribute to and then submit their research through the “suggest improvements for this vulnerability” workflow.

“GitHub believes that free and open security data is critical to empowering the industry as a whole to best secure our software supply chains,” says the company.

Related: Software supply chain attacks increased over 300% in 2021

Looking to revamp your digital transformation strategy? Learn more about Digital Transformation Week taking place on 11-12 May 2022 and discover key strategies for making your digital efforts a success.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published.