GitHub launches new tools to say when your project’s dependencies get pwned
GitHub today announced the introduction of more robust security features for its users, which will help developers identify vulnerable dependencies in their code.
The announcement came at the company’s flagship GitHub Universe conference, taking place at Pier 70 in San Francisco. The new feature, called Dependency Graph, enumerates the software libraries that constitute a project. This information is then visualized in a way that’s easy for developers to digest, giving them an accurate overview of their codebase.
GitHub intends to build upon this with Security Alerts, which will notify developers when vulnerabilities are discovered in libraries they use. This allows them to take immediate action, potentially preventing a severe compromise of security, or a catastrophic data breach.
The company says, where possible, it will advise developers on appropriate steps to take in order to resolve the issue.
Dependency Graph launches today, with Security Alerts to follow soon. It supports both public and private repositories. Language support consists of Ruby and JavaScript, with Python to follow.