GitHub now warns of security flaws in your project

Updated: December 06, 2017 04:11AM

By Ryan Daws

Date: Wednesday, December 06, 2017

Summary: 

GitHub is helping to ensure your project is secure by alerting developers if a vulnerability is detected.

The company says over 745 percent of projects hosted on the platform use dependencies, and that opens them up to inherent vulnerabilities.

Last month, GitHub launched its ‘dependency graph’ feature to help keep track of what your code depends on. This month, it’s about checking that those dependencies are secure.

With the dependency graph feature active, GitHub will notify developers if a vulnerability is detected and will even suggest known fixes supplied by the community. If a safe version exists, GitHub says it will “select one using machine learning and publicly available data, and include it in our suggestion.”

Public repositories automatically have the dependency graph and new security alert features enabled. Private ones, however, will need to opt in by heading to the Dependency Graph section of the Insights tab.

Since GitHub promotes collaboration on projects, admins can add other teams or individuals they wish to receive security alerts within the settings.

GitHub says it will highlight all vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) but, as not all vulnerabilities have one, it will continue to improve its ability to identify others as its security data grows.

“This is the next step in using the world’s largest collection of open source data to help you keep code safer and do your best work,” says Miju Han, Director of Product at GitHub. “The dependency graph and security alerts currently support Javascript and Ruby—with Python support coming in 2018.”
