Story image

GitHub to boost security tracking for developers' projects

13 Oct 2017

GitHub has unveiled security improvements to its coding platform, which will allow developers to track which dependencies are associated with public security vulnerabilities.

The new plans were revealed at the annual GitHub Universe developer conference, which is taking place in San Francisco this week.

According to GitHub, software builders may rely on some of the millions of open source projects on the platform.

The company has now created a dependency graph that allows developers to track which other projects they are using in their work, and which of their projects other developers are using – all without leading their repositories.

“ Now, our data can help you manage increasingly complex dependencies and keep your code safer as you work on connected projects—even for private repositories,” the company states in a blog.

Eventually, the dependency graph will track when dependencies are open to public security vulnerabilities. The company will notify those affected and may suggest known security fixes.

Security alerts are the first in what we hope will be a robust collection of tools to keep your code safe, and we need people who build on our APIs to help us make them even better —and to keep security data current for the community,” the company says.

GitHub also revamped the way it allows users to discover and contribute to new projects.

Its news feed has been updated to include ‘discover repositories’ that show recommendations for open source projects tailored to users based on their own preferences and popular GitHub projects.

The ‘Explore’ experience has also been curated to show collections, topics and resources from contributors worldwide.

“Collections are hand-picked resources from the GitHub universe and beyond. Browse collections to learn about ideas that interest you, like machine learning or game development, and find repositories and organizations that help you dig deeper,” the company says.

“Topic pages help you find projects related to technologies, languages, frameworks, or platforms—thanks to the GitHub community’s topic tags. Use topic pages to find all Android or CSS projects for example, and suggest edits to topic pages in our public repository.”

GitHub will also be introducing premium support for GitHub Enterprise customers. It is also working on a new community forum, marketplace trial program and a team discussion tool.

In 2017, GitHub hosted 24 million developers; 67 million repositories and 1.3 million students learning on the platform, according to its Octoverse report.

GitHub Universe wraps up today in San Francisco.

Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
DOCOMO ranked world's top mobile operator in 5G SEP applications
NTT DOCOMO has been ranked the world's leading mobile operator in terms of applications for candidate standard-essential patents.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.
Gartner’s top 10 data and analytics trends for 2019
Data is the fuel for the modern world, and analytics the engine. Gartner has compiled the top 10 trends to watch this year.
How CIOs can work with colleagues to drive new competitive advantages
"If recent history has taught us anything, it’s that the role of the CIO is always changing, and that it won’t stop changing anytime soon."