GitHub introducing Security Alerts in project dependencies

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Most of the projects today are using versioning system to maintain the every single version of work done by their developers. GitHub is one of the major player in this area. As of April 2017, GitHub reports having almost 20 million users and 57 million repositories, making it the largest host of source code in the world.

If you are using dependencies in your project and hosting it on GitHub, Good news for you. GitHub announcing today that it will alert users for security vulnerabilities in their project dependencies and suggest known fixes from GitHub Community.

GIT

Security alert will be available for both private and public repository. To get the alert you will need to enable dependency graph. Since public repositories are already enabled with dependency graph and security alert, they will get the notification by default. But, in private repositories you will need to enable them.

Once dependency graph is enabled, admin can also add someone from team to get security alert from dependency graph settings.

Currently, dependency graph supports Javascript and Ruby. Python is in pipeline and yet to come onboard in 2018.