GitHub's New Service Will Alert You of Security Flaws
CIO Bulletin
2017-11-18
GitHub, the software development platform, has launched a new service. It scans project dependencies in JavaScript and Ruby and informs the developer when a vulnerability is found, so that the developer can update the affected dependencies immediately.
So far, the service supports JavaScript and Ruby. GitHub promises to add Python support next year. The service is enabled automatically once the ‘dependency graph’ is turned on. For public repositories, it is turned on automatically, GitHub said.
Stay Alert
The alerts are based on public vulnerabilities in Ruby gems and NPM, the package manager for Node.js, that appear on MITRE's Common Vulnerabilities and Exposures (CVE) List. Once Python is added, it too will be covered by the alerts. GitHub has promised users that Python will make it to the list next year.
The alerts are sent only to the project owner or the developer and a few others with admin access to the repositories. GitHub has also said that it will never disclose the vulnerabilities of a specific repository. The alerts are sent by email, through web notifications, or through the GitHub interface, and the developer can choose how to receive them.