GitHub, the popular code hosting service, has made a few updates to its platform this week. Most of the changes are aimed at developers, but there are also 3 new security features for project owners. One of the major improvements is to the GitHub Security Alerts feature.
How does the updated GitHub Security Alerts feature help developers?
- The GitHub scanner checks projects for potential vulnerabilities, such as the use of an old library with a security bug.
- When it detects one, it sends an alert asking the developer to update the project’s dependencies.
- A few examples include project.json, app.manifest, csproj files, and .MSBuild files.
GitHub Security Alerts – A Holistic Feature
All users can access the feature, which is available in the “Insights” tab under the “Alert” option in each GitHub project. However, GitHub’s updated security feature is not flawless and has its own gaps. For instance, it can only identify issues that have received a CVE identifier and are indexed in the DHS’s NVD portal. In other words, some issues can be overlooked.
Developers have already taken great advantage of the update to the GitHub Security Alerts feature. With the updates, developers have removed as many as 450,000 issues from their projects.