GitHub now warns of security flaws in your project
Updated: December 06, 2017 04:11AM UTC
By Ryan Daws
Date: Wednesday, December 06, 2017
GitHub is helping to ensure your project is secure by alerting developers if a vulnerability is detected.
The company says over 745 percent of projects hosted on the platform use dependencies, and that opens them up to inherent vulnerabilities.
Last month, GitHub launched its ‘dependency graph’ feature to help keep track of those your code depends on. This month, it’s about checking those dependencies are secure.
With the dependency graph feature active, GitHub will notify developers if a vulnerability is detected and will even suggest known fixes supplied by the community. If a safe version exists, GitHub says it will “select one using machine learning and publicly available data, and include it in our suggestion.”
Public repositories automatically have the dependency graph and new security alert features enabled. Private ones, however, will need to opt-in by heading to the Dependency Graph section of the Insights tab.
Since GitHub promotes collaboration on projects, admins can add other teams or individuals they wish to receive security alerts within the settings.
GitHub says it will highlight all vulnerabilities with CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) but, as not all do, it will continue to improve its abilities to identify others as their security data grows.