GitHub Adds New Code Security Features
Written by Kay Ewbank   
Monday, 01 July 2019

GitHub has introduced new features designed to keep code secure with the addition of WhiteSource data to security vulnerability alerts, and dependency insights. 

The features are designed to minimize the problem caused when developers use open-source code that they don't know contains security vulnerabilities. In the past, the problem has been that there hasn't been a simple way for a developer using a library to report a possible security vulnerability to the owner of the library. This has led to vulnerabilities being left open to exploitation. From the other side, library owners haven't had a general way to report to users when a problem has been identified.

githubdeklogo

The first improvement from GitHub is the addition of WhiteSource data to security vulnerability alerts. The security vulnerability alert feature launched in beta in 2017, and since then GitHub has sent almost 27 million security alerts for vulnerable dependencies in .NET, Java, JavaScript, Python and Ruby. GitHub has now announced a partnership with WhiteSource data to broaden coverage of potential security vulnerabilities in open source projects and to provide increased detail to assess and remediate vulnerabilities. 

The second improvement announced by GitHub is a feature called dependency insights. This is a tool that can be used to find dependencies when a security vulnerability is released publicly. It builds on GitHub's existing dependency graph to provide organizations with a clearer view of their dependencies, including details on security vulnerabilities and open source licenses.

The final improvement comes from the fact that GitHub has acquired Dependabot and integrated it into GitHub. Dependabot provides automated dependency updates for Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm projects. Using it, GitHub is able to monitor dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version. GitHub says it will be rolling out automated pull requests to all accounts with security alerts enabled over the coming months.

 githubdeklogo

 

More Information

GitHub

Related Articles

GitHub Acquires Pull Panda

Counting Vulnerabilities In Open Source Projects and Programming Languages

Don't Neglect Open Source Security

GitHub Sponsors - Money For Open Source

GitHub Bug Bounty Program Expanded In Scope and Reward 

Microsoft GitHub - What's Different

GitHub Launches Draft Pull Requests

GitHub Launches Actions

GitHub For Unity Now Available

GitHub Security Alerts For Python

Microsoft Buys GitHub - Get Ready For a Bigger Devil

GitHub Marketplace Now Accepts Free Apps and Offers Free Trials

GitHub Octoverse Reveals The State Of Open Source

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


pg_parquet - Postgres To Parquet Interoperability
28/11/2024

pg_parquet is a new extension by Crunchy Data that allows a PostgreSQL instance to work with Parquet files. With pg_duckdb, pg_analytics and pg_mooncake all of which can access Parquet files, is  [ ... ]



Google Releases Gemini 2 And Jules Code Agent
18/12/2024

Google has announced an updated version of Gemini, saying that Gemini 2.0 Flash Experimental will "enable even more immersive and interactive applications", along with new coding agents that can take  [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Monday, 01 July 2019 )