Developers don’t agree on much, but they sure do love GitHub. It is their first stop when looking for a bit of code to solve a problem and a great place to collaborate with other developers on public repos, improving the code for all to use.
As the amount of open source code hosted on GitHub has expanded significantly in recent years and open source vulnerabilities are on the rise, the issue of how GitHub manages security for their 31 million developer users has become more of a concern.
In hopes of making their platform a better and safer place to work, the good folks over at GitHub Security have been putting in overtime to add new features, which were announced at this year’s GitHub Universe conference in October.
https://youtu.be/vB5nTx5fUXM?t=2197
GitHub Security Expands Vulnerability Alerts To Java and .NET
GitHub’s vulnerability scanner has been providing alerts for JavaScript and Ruby for over a year now, with Python being included more recently over the summer, but in what appears to be a nod to their enterprise users, the crew over at GitHub Security has added alerts for Java and .NET.
This feature looks to solve the serious problem of a lack of visibility that developers and security teams have inside of their projects’ dependencies. It is easy to lose track of which components are built on top of others, so when one library in a dependency is discovered to be vulnerable, it is unlikely that a developer will become aware that they are using a risky component unless it is specifically flagged for them.
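To make the visibility problem concrete, here is an added example (not GitHub's code or part of the original post) that walks a constructed, lockfile-style dependency graph and reports every path from the application down to a component whose resolved version is below an advisory's fixed version. All package names, versions and advisories are made up.

```python
from typing import Dict, List, Tuple

# Constructed data (not from GitHub or any real project): a flattened,
# lockfile-style view of what the build resolved, one version per package.
DEP_GRAPH: Dict[str, List[str]] = {
    "app": ["web-framework", "json-parser"],
    "web-framework": ["http-client", "template-engine"],
    "http-client": ["commons-io", "logging-core"],
    "template-engine": ["logging-core"],
    "json-parser": [], "commons-io": [], "logging-core": [],
}
RESOLVED_VERSIONS: Dict[str, str] = {
    "web-framework": "2.1.0", "json-parser": "1.4.2", "http-client": "3.0.1",
    "template-engine": "0.9.8", "commons-io": "2.6", "logging-core": "1.2.3",
}
# Constructed advisories: package -> first fixed version (anything below is affected).
ADVISORIES: Dict[str, str] = {
    "logging-core": "1.2.4",
    "commons-io": "2.7",
    "json-parser": "1.4.0",  # resolved version is already fixed: must not alert
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Compare dotted numeric versions as integer tuples, so '2.10' > '2.6'."""
    return tuple(int(part) for part in v.split("."))

def is_affected(pkg: str, resolved: Dict[str, str], advisories: Dict[str, str]) -> bool:
    fixed = advisories.get(pkg)
    return fixed is not None and parse_version(resolved[pkg]) < parse_version(fixed)

def find_vulnerable_paths(graph, resolved, advisories, root="app"):
    """Depth-first walk; record every root->package path ending in an affected component."""
    hits: Dict[str, List[List[str]]] = {}
    def walk(pkg: str, path: List[str]) -> None:
        for dep in graph.get(pkg, []):
            if dep in path:  # guard against cyclic dependency metadata
                continue
            dep_path = path + [dep]
            if is_affected(dep, resolved, advisories):
                hits.setdefault(dep, []).append(dep_path)
            walk(dep, dep_path)
    walk(root, [root])
    return hits

if __name__ == "__main__":
    for pkg, paths in find_vulnerable_paths(DEP_GRAPH, RESOLVED_VERSIONS, ADVISORIES).items():
        print(f"{pkg} {RESOLVED_VERSIONS[pkg]} (fixed in {ADVISORIES[pkg]}) reached via:")
        for p in paths:
            print("   " + " -> ".join(p))
```

Note that logging-core is reached by two different paths, neither of which is visible from the application's own manifest; this is exactly the transitive exposure that dependency alerts are meant to surface.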
According to GitHub’s own data, 75% of projects on their platform have dependencies, which can hide some (Read more...)