GitHub is launching the “dependency graph,” which gives developers an easy way to see all the other packages and applications their own code uses (this currently only works for Ruby and JavaScript, though, with support for Python coming soon). With this in place, the team can then also track these dependencies against the standard vulnerability databases and notify developers if any of their dependencies are vulnerable. GitHub lists these security alerts as “coming soon,” so it may still be a while before this goes live, but it’s definitely a step in the right direction.
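The mechanism described above, dependency extraction followed by a lookup against vulnerability data, as an added example that is not GitHub's own code: it parses the pinned gems in a constructed Gemfile.lock and flags any gem below the first patched version listed in a constructed advisory table (gem names, versions and advisory ids are all placeholders).

```python
# Added example: a minimal dependency-graph vulnerability check.
# Parses the "specs" section of a Gemfile.lock and matches each pinned gem
# against a small advisory table. All data below is constructed.
import re

# Constructed Gemfile.lock fragment (fictional gems, not a real project).
GEMFILE_LOCK = """GEM
  remote: https://rubygems.org/
  specs:
    acme-parser (1.8.0)
      acme-util (~> 2.3.0)
    acme-util (2.3.0)
    acme-http (1.6.4)
    acme-sanitizer (1.0.3)
"""

# Constructed advisory table: gem -> (first patched version, advisory id).
# Placeholder ids; a real check would query a vulnerability database.
ADVISORIES = {
    "acme-parser": ("1.8.1", "EXAMPLE-ADVISORY-1"),
    "acme-http": ("1.6.5", "EXAMPLE-ADVISORY-2"),
    "acme-util": ("2.3.0", "EXAMPLE-ADVISORY-3"),
}

def parse_gemfile_lock(text):
    """Return {gem: version} for top-level entries under 'specs:'."""
    deps = {}
    in_specs = False
    for line in text.splitlines():
        if line.strip() == "specs:":
            in_specs = True
            continue
        # Top-level specs are indented exactly four spaces; deeper lines are
        # transitive requirements carrying constraints rather than pinned versions.
        m = re.match(r"^    (\S+) \(([\d.]+)\)$", line)
        if in_specs and m:
            deps[m.group(1)] = m.group(2)
    return deps

def version_tuple(v):
    return tuple(int(p) for p in v.split("."))

def vulnerable_dependencies(deps, advisories):
    """Return [(gem, pinned, patched, advisory_id)] for gems below the fix."""
    hits = []
    for gem, pinned in deps.items():
        if gem in advisories:
            patched, adv_id = advisories[gem]
            if version_tuple(pinned) < version_tuple(patched):
                hits.append((gem, pinned, patched, adv_id))
    return hits

if __name__ == "__main__":
    for hit in vulnerable_dependencies(parse_gemfile_lock(GEMFILE_LOCK), ADVISORIES):
        print("ALERT: %s %s is below patched version %s (%s)" % hit)
```

A gem already at or above the patched version (acme-util here) produces no alert, which is the check that keeps such notifications from becoming noise.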