GitHub Security Alerts Now Support Python Projects
GitHub is a web-based hosting service for version control using Git. It is mostly used for computer code. It offers all of the distributed version control and source code management (SCM) functionality of Git as well as adding its own features. It provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
The security alerts feature, which launched last November, works by analyzing a project’s dependencies and warning owners if their project is using an older version of a library that is affected by known vulnerabilities.
Security alerts now available for Python projects
These security alerts are displayed by default in each GitHub project’s “Insights” tab, under the Dependency Graph option.
The graph shows a tree-like structure of all the libraries that are loaded inside a coding project based on manifest files included in each project.
If users can’t be bothered with checking that page for new entries, GitHub also lets developers set different notification methods such as:
ϟ A banner in the GitHub interface
ϟ Web notifications on the GitHub domain
ϟ Email notifications for each new vulnerability
ϟ Daily or weekly email digests of new vulnerabilities
Security alerts have had a positive impact
One of the reasons GitHub has seen such a massive improvement is that the security alerts feature is enabled by default for all public projects, while maintainers of private repos have to enable it manually.
The security alerts feature is not perfect, as it relies on the CVE vulnerabilities identification system to keep track of known security bugs, meaning that if vulnerabilities have not received a CVE or their entry has not been updated on the NVD portal (from where GitHub pulls its data), the alerts system may not cover all security issues. All in all, it’s still better than nothing.
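The mechanism and its blind spot can be sketched in a few lines of Python. This is an added example, not GitHub's code: the manifest, the package names and the advisory ids are constructed placeholders, and the feed is assumed to record only the first fixed version of each advisory.

```python
import re

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
# Package names and ids are placeholders, not real advisories.
ADVISORIES = {
    "examplelib": [("EXAMPLE-ADV-1", "2.4.1")],
    "demo-http": [("EXAMPLE-ADV-2", "1.0.0"), ("EXAMPLE-ADV-3", "1.2.0")],
}
# Constructed requirements.txt manifest.
MANIFEST = """\
# web stack
examplelib==2.3.0
Demo_HTTP==1.1.5   # pinned for compatibility
unlisted-pkg==0.9.0
safe-lib>=3.0
"""
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)$")

def normalize(name):
    """PEP 503 style normalization so Demo_HTTP matches demo-http."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Turn '1.10.0' into (1, 10): numeric compare, trailing zeros ignored."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_manifest(text):
    """Return (pinned, unpinned): exact pins, and lines that cannot be checked."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        match = PIN.match(line)
        if match:
            pinned[normalize(match.group(1))] = match.group(2)
        else:
            unpinned.append(line)
    return pinned, unpinned

def find_alerts(pinned, advisories):
    """List (package, version, advisory id, fixed version) for vulnerable pins."""
    alerts = []
    for name, version in sorted(pinned.items()):
        # A package with no feed entry yields nothing, even if it is flawed.
        for adv_id, fixed in advisories.get(name, []):
            if version_key(version) < version_key(fixed):
                alerts.append((name, version, adv_id, fixed))
    return alerts
```

Here `unlisted-pkg` never produces an alert because the feed has no entry for it, which is the coverage gap described above, and `safe-lib>=3.0` is reported as unpinned because a range cannot be matched against a single version.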
GitHub did not say which other programming languages may receive notifications next, but .NET projects are a strong candidate due to the use of manifest files and the development environment’s popularity. Also, Microsoft bought GitHub, and that may also play a role in choosing the next project.