GitHub Adds New Code Security Features
Written by Kay Ewbank   
Monday, 01 July 2019

GitHub has introduced new features designed to keep code secure with the addition of WhiteSource data to security vulnerability alerts, and dependency insights. 

The features are designed to minimize the problem caused when developers use open-source code that they don't know contains security vulnerabilities. In the past, the problem has been that there hasn't been a simple way for a developer using a library to report a possible security vulnerability to the owner of the library. This has led to vulnerabilities being left open to exploitation. From the other side, library owners haven't had a general way to report to users when a problem has been identified.

githubdeklogo

The first improvement from GitHub is the addition of WhiteSource data to security vulnerability alerts. The security vulnerability alert feature launched in beta in 2017, and since then GitHub has sent almost 27 million security alerts for vulnerable dependencies in .NET, Java, JavaScript, Python and Ruby. GitHub has now announced a partnership with WhiteSource data to broaden coverage of potential security vulnerabilities in open source projects and to provide increased detail to assess and remediate vulnerabilities. 

The second improvement announced by GitHub is a feature called dependency insights. This is a tool that can be used to find dependencies when a security vulnerability is released publicly. It builds on GitHub's existing dependency graph to provide organizations with a clearer view of their dependencies, including details on security vulnerabilities and open source licenses.

The final improvement comes from the fact that GitHub has acquired Dependabot and integrated it into GitHub. Dependabot provides automated dependency updates for Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm projects. Using it, GitHub is able to monitor dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version. GitHub says it will be rolling out automated pull requests to all accounts with security alerts enabled over the coming months.

 githubdeklogo

 

More Information

GitHub

Related Articles

GitHub Acquires Pull Panda

Counting Vulnerabilities In Open Source Projects and Programming Languages

Don't Neglect Open Source Security

GitHub Sponsors - Money For Open Source

GitHub Bug Bounty Program Expanded In Scope and Reward 

Microsoft GitHub - What's Different

GitHub Launches Draft Pull Requests

GitHub Launches Actions

GitHub For Unity Now Available

GitHub Security Alerts For Python

Microsoft Buys GitHub - Get Ready For a Bigger Devil

GitHub Marketplace Now Accepts Free Apps and Offers Free Trials

GitHub Octoverse Reveals The State Of Open Source

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


Fukuoka Ruby Award 2021 Prestigious Ruby Prize
20/07/2020

While most Rubyists are probably familiar with the Fukuoka Ruby Award there may be multi-linguists who could be tempted to join in a competition that asks you to use Ruby, possibly in conjunction [ ... ]



Redis Adds New Modules
10/07/2020

The Redis team has released several new modules. RedisRaft is brand new and still under development, while RedisAI and Redis Gears were announced a year ago, and are now generally  [ ... ]


More News

graphics

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Monday, 01 July 2019 )