Do you know about GitHub Security Feature Updates?

GitHub, the popular code hosting service, has made a few updates to its platform this week. The company mostly brought in changes for developers. However, there are three new security features as well, specifically for project owners. One of the major improvements is a further update of the Security Alerts feature, which will now support Java and .NET projects along with the original JavaScript, Python and Ruby. The feature has been live since last year and works by checking a project's dependencies for outdated libraries and modules in which a vulnerability has been identified.

How is it helping Developers?

If the GitHub scanner comes across a case where a developer has used an old library with a security bug, an alert is sent asking the developer to update the project’s dependencies. The feature was initially launched in November 2017 for JavaScript and Ruby projects, and was later made available to Python projects in July 2018. Industry experts were already expecting GitHub to offer support for Java, which is one of the most used programming languages.

The updated GitHub would have the ability to scan manifest files such as package.json (for JavaScript projects), requirements.txt or Pipfile.lock (for Python projects), gemfiles (for Ruby projects), and pom.xml (for Java projects), among others such as project.json, app.manifest, csproj files, and .MSBuild files.

A Holistic Feature

Also, the security alerts feature can be used by all users and is available in each GitHub project’s “Insights” tab, under the “Alert” option. However, the security feature from GitHub comes with its own loopholes. For instance, it can only identify issues that have received a CVE identifier and have been indexed in the DHS’s NVD portal. What we intend to say is that some issues might be overlooked.
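The manifest scanning and the CVE-only limitation described above can be seen together in a small sketch. This is an added example, not GitHub's code: the advisory feed, package names, CVE placeholders and function names are all constructed for illustration.

```python
import json
import re

# Constructed advisory feed: package names, versions and ids are placeholders,
# not real advisories. "fixed_in" is the first non-vulnerable version.
ADVISORIES = [
    {"ecosystem": "pip", "package": "examplelib", "fixed_in": "2.1.0", "cve": "CVE-0000-0001"},
    {"ecosystem": "npm", "package": "example-parser", "fixed_in": "1.4.2", "cve": "CVE-0000-0002"},
    # Known bug with no CVE assigned: a CVE-only scanner never reports it.
    {"ecosystem": "npm", "package": "example-logger", "fixed_in": "3.0.0", "cve": None},
]

def version_tuple(v):
    """Turn '2.0.3' into (2, 0, 3) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_requirements(text):
    """Return {name: version} for exact pins (name==version) in requirements.txt."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.fullmatch(r"([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9.]*)", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps

def parse_package_json(text):
    """Return {name: version} from the dependencies block of package.json."""
    # Simplification: a range such as ^1.4.2 is treated as its lower bound.
    deps = json.loads(text).get("dependencies", {})
    return {name: spec.lstrip("^~=v") for name, spec in deps.items()}

def scan(ecosystem, deps, cve_only=True):
    """Return (alerts, missed); missed = vulnerable but skipped for lack of a CVE."""
    alerts, missed = [], []
    for adv in ADVISORIES:
        installed = deps.get(adv["package"])
        if adv["ecosystem"] != ecosystem or installed is None:
            continue
        if version_tuple(installed) >= version_tuple(adv["fixed_in"]):
            continue  # already on a fixed version
        target = missed if (cve_only and adv["cve"] is None) else alerts
        target.append((adv["package"], installed, adv["fixed_in"], adv["cve"]))
    return alerts, missed

# Constructed manifests for the demonstration.
REQUIREMENTS = "examplelib==2.0.3  # pinned\nothertool==5.1.0\n"
PACKAGE_JSON = '{"dependencies": {"example-parser": "^1.4.2", "example-logger": "~2.9.1"}}'
print(scan("pip", parse_requirements(REQUIREMENTS)))
print(scan("npm", parse_package_json(PACKAGE_JSON)))
```

The npm run reports no alerts even though example-logger is below its fixed version, because that advisory has no CVE; this is the kind of issue the article says might be overlooked.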

However, as of now developers have been able to benefit from the new update by getting the updates and removing as many as 450,000 issues from their projects.

About The Author

Shachi singh
Shachi singh is a member of the fastest growing bloggers community "betechnical". I love writing blogs on tech tutorials and gadget reviews.