GitHub Security Alerts Now Support Python Projects
GitHub is a web-based hosting service for version control using Git. It is mostly used for computer code. It offers all of the distributed version control and source code management (SCM) functionality of Git as well as adding its own features. It provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
GitHub has updated its security alerts feature this week to support Python projects, after previously supporting JavaScript and Ruby.
The feature, which launched last November, works by analyzing a project’s dependencies and warning owners if their project is using an older version of a library that is vulnerable to known vulnerabilities.
Security alerts now available for Python projects
These security alerts are displayed by default in each GitHub project’s “Insights” tab, under the Dependency Graph option.
The graph shows a tree-like structure of all the libraries that are loaded inside a coding project based on manifest files included in each project.
Supported manifest files include package.json (for JavaScript projects), Gemfile (for Ruby projects), and requirements.txt or Pipfile.lock (for Python projects).
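To make the mechanism concrete, here is a small added example (not GitHub's code) of what a manifest-based check does: it parses a requirements.txt, normalizes package names, compares each exact pin against an advisory table, and reports the one thing such a scanner cannot judge, a dependency without an exact pin. The advisory table, the package names, the advisory ids and the sample manifest are all constructed for illustration; real checkers pull their data from NVD or GitHub's advisory feed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed advisory table standing in for the CVE/NVD data a real checker
# would query. Keys are normalized package names; each entry lists
# (affected version range, first fixed version, advisory id). The ids are
# placeholders, not real CVE numbers.
ADVISORIES = {
    "example-lib": [("<1.2.3", "1.2.3", "ADVISORY-PLACEHOLDER-1")],
    "otherlib": [(">=2.0,<2.4.1", "2.4.1", "ADVISORY-PLACEHOLDER-2")],
}

_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
}
_CLAUSE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9][0-9.]*)$")
_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")


@dataclass
class Finding:
    package: str
    specifier: str
    status: str                      # "vulnerable", "ok" or "unpinned"
    advisory: Optional[str] = None
    fixed_version: Optional[str] = None


def normalize_name(name: str) -> str:
    # PEP 503 style normalization so "Example_Lib" and "example-lib" match.
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Tuple[int, ...]:
    # Numeric dotted versions only: enough for this example, not full PEP 440.
    return tuple(int(part) for part in text.strip().split("."))


def _padded(v: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    # Pad so that "2.0" and "2.0.0" compare equal instead of by length.
    return v + (0,) * (width - len(v))


def version_matches(version: str, spec: str) -> bool:
    """True if `version` satisfies every comma-separated clause of `spec`."""
    ver = parse_version(version)
    for clause in spec.split(","):
        m = _CLAUSE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        width = max(len(ver), len(bound))
        if not _OPS[op](_padded(ver, width), _padded(bound, width)):
            return False
    return True


def parse_requirements(text: str) -> List[Tuple[str, str]]:
    """Return (normalized name, specifier) pairs from requirements.txt content."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and pip options
            continue
        m = _REQ_LINE.match(line)
        if m:
            entries.append((normalize_name(m.group(1)), m.group(2).replace(" ", "")))
    return entries


def check_requirements(text: str) -> List[Finding]:
    findings = []
    for name, spec in parse_requirements(text):
        # Only an exact "==" pin says which version is actually installed. Any
        # other specifier, or none, leaves the version open; a manifest-based
        # scanner should report that blind spot rather than silently pass it.
        if not spec.startswith("==") or "," in spec:
            findings.append(Finding(name, spec or "(none)", "unpinned"))
            continue
        version = spec[2:]
        hit = next(((adv_id, fixed) for affected, fixed, adv_id in ADVISORIES.get(name, [])
                    if version_matches(version, affected)), None)
        if hit:
            findings.append(Finding(name, spec, "vulnerable", hit[0], hit[1]))
        else:
            findings.append(Finding(name, spec, "ok"))
    return findings


# Constructed sample manifest: one vulnerable pin, one fixed pin, one package
# with no advisory, and one dependency left unpinned.
SAMPLE_REQUIREMENTS = """\
Example_Lib==1.2.0
otherlib==2.4.1
safe-lib==0.1.0
requests>=2.0   # not an exact pin; the installed version is unknown
"""

if __name__ == "__main__":
    for f in check_requirements(SAMPLE_REQUIREMENTS):
        extra = f" ({f.advisory}, fixed in {f.fixed_version})" if f.advisory else ""
        print(f"{f.status:10} {f.package}{f.specifier}{extra}")
```

Running the block reports `Example_Lib` as vulnerable with the placeholder advisory and fix version, `otherlib` and `safe-lib` as ok, and `requests` as unpinned. The unpinned case is the one to watch in practice: a scanner that reads only the manifest cannot know which version a loose specifier resolves to, which is one reason Pipfile.lock, with its exact pins, gives more reliable alerts than a loosely specified requirements.txt.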
If users can’t be bothered with checking that page for new entries, GitHub also lets developers set different notification methods such as:
- A banner in the GitHub interface
- Web notifications on the GitHub domain
- Email notifications for each new vulnerability
- Daily or weekly email digests of new vulnerabilities
Security alerts have had a positive impact
One of the reasons GitHub has seen such a massive improvement is because the security alerts feature is enabled by default for all public projects, while maintainers of private repos have to enable it manually.
The security alerts feature is not perfect, as it relies on the CVE identification system to keep track of known security bugs. If a vulnerability has not received a CVE, or its entry has not been updated on the NVD portal (from which GitHub pulls its data), the alerts system will not cover it. All in all, it is still better than nothing.
GitHub did not say which programming language will receive security alerts next, but .NET projects are a strong candidate given their use of manifest files and the development environment's popularity. Microsoft's acquisition of GitHub may also play a role in choosing the next language.