GitHub Security Alerts Feature Gets Support for Java and .NET Projects

GitHub, the popular code hosting service, has made a few updates to its platform this week. Most of the changes are aimed at developers, but there are also 3 new security features for project owners. One of the major improvements is to the GitHub Security Alerts feature.

The feature now supports Java and .NET projects, in addition to JavaScript, Python and Ruby, which were already supported. Live since last year, it works by checking a project's dependencies for outdated, vulnerable libraries and modules.

How does the updated GitHub Security Alerts feature help developers?

Initially launched with support for JavaScript in November 2017, the feature added support for Python projects in July 2018. Industry experts were already expecting GitHub to add support for Java, one of the most used programming languages.

  • The GitHub scanner scans projects for any potential vulnerability like the use of an old library with a security bug.
  • When it detects one, it sends an alert asking the developer to update the project’s dependencies.
  • With the update, GitHub can scan manifest files such as package.json (for JavaScript), requirements.txt or Pipfile.lock (for Python), Gemfiles (for Ruby), and pom.xml (for Java), among others.
  • A few examples include project.json, app.manifest, csproj files, and .MSBuild files.
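
The manifest scan described in the list above can be sketched as follows. This is an added illustration, not GitHub's code and not part of the original article: the package names, the `CVE-PLACEHOLDER` IDs, the advisory index and every function name are constructed assumptions. It also shows that a dependency with no entry in the advisory index never produces an alert.

```python
import re
import xml.etree.ElementTree as ET

# Constructed advisory index: (ecosystem, package) -> (placeholder ID, first fixed version).
ADVISORIES = {
    ("pip", "examplelib"): ("CVE-PLACEHOLDER-1", "2.4.1"),
    ("pip", "newerlib"): ("CVE-PLACEHOLDER-2", "2.9.0"),
    ("maven", "com.example:example-core"): ("CVE-PLACEHOLDER-3", "1.8.0"),
}
# Constructed manifests. "unlisted" stands for a flaw that has no advisory entry.
REQUIREMENTS = "examplelib==2.4.0\nnewerlib==2.10.0  # already fixed\nunlisted==0.1.0\nloose>=1.0\n"
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
<dependency><groupId>com.example</groupId><artifactId>example-core</artifactId><version>1.7.2</version></dependency>
<dependency><groupId>com.example</groupId><artifactId>example-web</artifactId><version>${web.version}</version></dependency>
</dependencies></project>"""

def vtuple(version):
    """'2.10.0' -> (2, 10, 0), so 2.10.0 sorts after 2.9.0 (string comparison gets this wrong)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def parse_requirements(text):
    """Yield (name, version) for exact '==' pins; ranges and bare names cannot be resolved here."""
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*==\s*([0-9][0-9.]*)\s*(?:#.*)?$", line)
        if m:
            yield m.group(1).lower(), m.group(2)

def parse_pom(text):
    """Yield ('groupId:artifactId', version); property references like ${x} are skipped."""
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    for dep in ET.fromstring(text).findall(".//m:dependency", ns):
        g, a, v = (dep.findtext(f"m:{t}", namespaces=ns) for t in ("groupId", "artifactId", "version"))
        if g and a and v and not v.startswith("${"):
            yield f"{g}:{a}", v

def scan(ecosystem, deps):
    """Return (package, installed, advisory ID, fixed version) for each outdated dependency."""
    alerts = []
    for name, version in deps:
        advisory = ADVISORIES.get((ecosystem, name))
        if advisory and vtuple(version) < vtuple(advisory[1]):
            alerts.append((name, version, advisory[0], advisory[1]))
    return alerts

if __name__ == "__main__":
    for alert in scan("pip", parse_requirements(REQUIREMENTS)) + scan("maven", parse_pom(POM)):
        print("ALERT %s %s: %s, update to %s or later" % alert)
```

Dependencies declared as ranges or through Maven properties are skipped here, so a scanner built this way needs a lock file or resolved build output to cover them. For manifests taken from untrusted repositories, parse XML with a hardened parser such as defusedxml.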

GitHub Security Alerts – A Holistic Feature

All users can access the feature, which is available in the “Insights” tab under the “Alert” option in each GitHub project. However, GitHub’s updated security feature isn’t flawless and has its own gaps. For instance, it can only identify issues that have received a CVE identifier and are indexed in the DHS’s NVD portal. In other words, some issues can be overlooked.

So far, developers have made heavy use of the update to the GitHub Security Alerts feature. With the updates, developers have removed as many as 450,000 issues from their projects.


About The Author

Shachi singh
Shachi singh is a member of the fastest growing bloggers community "betechnical". I love writing blogs on tech tutorials and gadget reviews.
