× TECHNOLOGY
SOFTWARE NETWORKING CLOUD IT SERVICES MOBILE SECURITY STORAGE IOT DATA ANALYTICS CYBER SECURITY ORACLE SAP BIG DATA
BUSINESS
DIGITAL MARKETING ERP RETAIL HEALTHCARE TELECOM
MAGAZINE
CURRENT ISSUE ARCHIVE
OPINION ABOUT US CONTACT US

GitHub’s new Service will Alert you of Security Flaws

security flaw alert from github

 November 18, 2017

There’s a new service launched from software developing platform, GitHub. The service alerts developers after searching for project dependencies in JavaScript and Ruby. Once any threat is found, the developer is informed of the vulnerability. Thus, the developers can immediately update the project dependencies.

So far, the service is supported by JavaScript and Ruby. GitHub promises to add Python support next year. Once the ‘dependency graph’ is turned on, the service is automatically enabled. As for public repositories, it is automatically turned on, said GitHub.

Stay Alert

Based on the public vulnerabilities in Ruby gems and NPM, the alerts are sent out. These vulnerabilities include the package manager for Node.js, on MITRE's Common Vulnerabilities, and Exposures (CVE) List. Once Python is added, that too will be part of the alert list. GitHub has promised users that Python will make it to the list next year.

The alerts are only sent to the project owner or the developer and a few others with admin access to repositories. GitHub has also said that it would never disclose the vulnerability of a specific repository. The alerts will be sent through emails, web notifications, or through the GitHub interface. The developer can pick his choice to receive the alerts.

MAGAZINE