GitHub Adds New Code Security Features
Written by Kay Ewbank   
Monday, 01 July 2019

GitHub has introduced new features designed to keep code secure with the addition of WhiteSource data to security vulnerability alerts, and dependency insights. 

The features are designed to minimize the problem caused when developers use open-source code that they don't know contains security vulnerabilities. In the past, the problem has been that there hasn't been a simple way for a developer using a library to report a possible security vulnerability to the owner of the library. This has led to vulnerabilities being left open to exploitation. From the other side, library owners haven't had a general way to report to users when a problem has been identified.

githubdeklogo

The first improvement from GitHub is the addition of WhiteSource data to security vulnerability alerts. The security vulnerability alert feature launched in beta in 2017, and since then GitHub has sent almost 27 million security alerts for vulnerable dependencies in .NET, Java, JavaScript, Python and Ruby. GitHub has now announced a partnership with WhiteSource data to broaden coverage of potential security vulnerabilities in open source projects and to provide increased detail to assess and remediate vulnerabilities. 

The second improvement announced by GitHub is a feature called dependency insights. This is a tool that can be used to find dependencies when a security vulnerability is released publicly. It builds on GitHub's existing dependency graph to provide organizations with a clearer view of their dependencies, including details on security vulnerabilities and open source licenses.

The final improvement comes from the fact that GitHub has acquired Dependabot and integrated it into GitHub. Dependabot provides automated dependency updates for Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm projects. Using it, GitHub is able to monitor dependencies for known security vulnerabilities and automatically open pull requests to update them to the minimum required version. GitHub says it will be rolling out automated pull requests to all accounts with security alerts enabled over the coming months.

 githubdeklogo

 

More Information

GitHub

Related Articles

GitHub Acquires Pull Panda

Counting Vulnerabilities In Open Source Projects and Programming Languages

Don't Neglect Open Source Security

GitHub Sponsors - Money For Open Source

GitHub Bug Bounty Program Expanded In Scope and Reward 

Microsoft GitHub - What's Different

GitHub Launches Draft Pull Requests

GitHub Launches Actions

GitHub For Unity Now Available

GitHub Security Alerts For Python

Microsoft Buys GitHub - Get Ready For a Bigger Devil

GitHub Marketplace Now Accepts Free Apps and Offers Free Trials

GitHub Octoverse Reveals The State Of Open Source

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Ai-Da's Portrait of Alan Turing At Auction
01/11/2024

Sotheby's Digital Art Day Action, now underway, features a large-scale portrait of  Alan Turing created by Ai-Da, the humanoid robot artist whose work, including this canvas, was exhibited at the [ ... ]



Go At Highest Rank Ever in TIOBE Index
20/11/2024

Go is currently in 7th place in the TIOBE Index for November 2024. Not only is this is the highest position it has ever had, it's percentage rating is almost equal to its all-time-high. Will Go contin [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Monday, 01 July 2019 )