Story image

GitHub to boost security tracking for developers' projects

13 Oct 17

GitHub has unveiled security improvements to its coding platform, which will allow developers to track which dependencies are associated with public security vulnerabilities.

The new plans were revealed at the annual GitHub Universe developer conference, which is taking place in San Francisco this week.

According to GitHub, software builders may rely on some of the millions of open source projects on the platform.

The company has now created a dependency graph that allows developers to track which other projects they are using in their work, and which of their projects other developers are using – all without leading their repositories.

“ Now, our data can help you manage increasingly complex dependencies and keep your code safer as you work on connected projects—even for private repositories,” the company states in a blog.

Eventually, the dependency graph will track when dependencies are open to public security vulnerabilities. The company will notify those affected and may suggest known security fixes.

Security alerts are the first in what we hope will be a robust collection of tools to keep your code safe, and we need people who build on our APIs to help us make them even better —and to keep security data current for the community,” the company says.

GitHub also revamped the way it allows users to discover and contribute to new projects.

Its news feed has been updated to include ‘discover repositories’ that show recommendations for open source projects tailored to users based on their own preferences and popular GitHub projects.

The ‘Explore’ experience has also been curated to show collections, topics and resources from contributors worldwide.

“Collections are hand-picked resources from the GitHub universe and beyond. Browse collections to learn about ideas that interest you, like machine learning or game development, and find repositories and organizations that help you dig deeper,” the company says.

“Topic pages help you find projects related to technologies, languages, frameworks, or platforms—thanks to the GitHub community’s topic tags. Use topic pages to find all Android or CSS projects for example, and suggest edits to topic pages in our public repository.”

GitHub will also be introducing premium support for GitHub Enterprise customers. It is also working on a new community forum, marketplace trial program and a team discussion tool.

In 2017, GitHub hosted 24 million developers; 67 million repositories and 1.3 million students learning on the platform, according to its Octoverse report.

GitHub Universe wraps up today in San Francisco.

McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Forcepoint and Chillisoft - “a powerful combination”
Following Chillisoft’s portfolio expansion by signing on Forcepoint, the companies’ execs explain how this is a match made in cybersecurity heaven.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.