GitHub Adds New Code Security Features
Written by Kay Ewbank   
Monday, 01 July 2019

GitHub has introduced new features designed to keep code secure with the addition of WhiteSource data to security vulnerability alerts, and dependency insights. 

The features are designed to minimize the problem caused when developers use open-source code that they don't know contains security vulnerabilities. In the past, the problem has been that there hasn't been a simple way for a developer using a library to report a possible security vulnerability to the owner of the library. This has led to vulnerabilities being left open to exploitation. From the other side, library owners haven't had a general way to report to users when a problem has been identified.

githubdeklogo

The first improvement from GitHub is the addition of WhiteSource data to security vulnerability alerts. The security vulnerability alert feature launched in beta in 2017, and since then GitHub has sent almost 27 million security alerts for vulnerable dependencies in .NET, Java, JavaScript, Python and Ruby. GitHub has now announced a partnership with WhiteSource data to broaden coverage of potential security vulnerabilities in open source projects and to provide increased detail to assess and remediate vulnerabilities. 

The second improvement announced by GitHub is a feature called dependency insights. This is a tool that can be used to find dependencies when a security vulnerability is released publicly. It builds on GitHub's existing dependency graph to provide organizations with a clearer view of their dependencies, including details on security vulnerabilities and open source licenses.

The final improvement comes from the fact that GitHub has acquired Dependabot and integrated it into GitHub. Dependabot provides automated dependency updates for Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm projects. Using it, GitHub is able to monitor dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version. GitHub says it will be rolling out automated pull requests to all accounts with security alerts enabled over the coming months.

 githubdeklogo

 

More Information

GitHub

Related Articles

GitHub Acquires Pull Panda

Counting Vulnerabilities In Open Source Projects and Programming Languages

Don't Neglect Open Source Security

GitHub Sponsors - Money For Open Source

GitHub Bug Bounty Program Expanded In Scope and Reward 

Microsoft GitHub - What's Different

GitHub Launches Draft Pull Requests

GitHub Launches Actions

GitHub For Unity Now Available

GitHub Security Alerts For Python

Microsoft Buys GitHub - Get Ready For a Bigger Devil

GitHub Marketplace Now Accepts Free Apps and Offers Free Trials

GitHub Octoverse Reveals The State Of Open Source

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Python 3.11 Goes Faster
08/06/2022

Python doesn't do a bad job of being fast given how sophisticated it is, but it seems it is about to do a whole lot better according to independent benchmarks. Version 3.11 incorporates many of the ch [ ... ]



Amazon Adds Geofences To Amplify Geo
03/06/2022

Amazon has added support for Geofences to Amplify Geo. Amplify Geo can be used to add location-aware features to web applications, and developers can now display geometric boundaries using a cloud-con [ ... ]


More News

pythondata

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Monday, 01 July 2019 )