Categories: Open SourceSoftware

GitHub Notifies Developers If Their Software Project Has A Security Issue

GitHub will alert developers when their code has a known vulnerability in what is being described as an “important step” for open source security.

The world’s largest code sharing platform launched ‘Dependency Graph’ last month, highlighting which dependencies a software project was reliant upon and if there were any security threats.

JavaScript and Ruby are the only two languages supported at present but Python will arrive early next year.

Open source security

Now, automatic notifications will be issued to admins, who can then choose to issue them to specific teams or individuals. The notification will highlight any dependencies and then recommend updating if a known safe version exists. Machine Learning is used to determine a suggestion.

Vulnerabilities that have CVE IDs will be included in alerts but there is an acknowledgement that even some publicly-disclosed bugs don’t necessarily have a CVE. GitHub says the more it learns about threats, the better it will get at identifying security data.

“This is the next step in using the world’s largest collection of open source data to help you keep code safer and do your best work,” it said.

The issue of open source security has become more prominent in the past few years. The Heartbleed bug, which impacted OpenSSL, Poodle, a vulnerability in SSL, and the Shellshock vulnerability in Bash all affected tech firms of all sizes and resulted in the creation of the Core infrastructure Initiative (CII), a Linux-Foundation led initiative to improve open source security.

CII’s financial backers include Adobe, Bloomberg, HP, VMware, Rackspace, NetApp, Microsoft, Intel, IBM, Google, Fujitsu, Facebook, Dell, Amazon and Cisco.

What do you know about Linux? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Microsoft To Acquire Activision Blizzard For $68.7 Billion

Huge tech acquisition, as software giant seeks major expansion of its gaming credentials with purchase…

7 hours ago

Amazon Sued For Worker Death In Deadly Tornado Strike

Parents sue Amazon for wrongful death, after son was among six workers killed when Amazon…

10 hours ago

Twitter Expands Misleading Tweet Feature

Twitter has expanded its test feature to other countries that allows users to flag or…

10 hours ago

US Airline Bosses Warn Of ‘Catastrophic’ Aviation Crisis Due To 5G

US aviation 5G scare-mongering continues, as CEOs of ten US airlines warn of 'havoc' caused…

11 hours ago

Government Backs Ad Campaign Against End-To-End Encryption

Public funds to used for government-backed advertising campaign against end-to-end encryption, but security experts argue…

13 hours ago

Amazon Last Minute Extension For Visa Card Payments

UK Amazon users can continue using their Visa cards for online shopping for now, after…

15 hours ago