sb-au logo
Story image

GitHub to boost security tracking for developers' projects

13 Oct 2017

GitHub has unveiled security improvements to its coding platform, which will allow developers to track which dependencies are associated with public security vulnerabilities.

The new plans were revealed at the annual GitHub Universe developer conference, which is taking place in San Francisco this week.

According to GitHub, software builders may rely on some of the millions of open source projects on the platform.

The company has now created a dependency graph that allows developers to track which other projects they are using in their work, and which of their projects other developers are using – all without leading their repositories.

“ Now, our data can help you manage increasingly complex dependencies and keep your code safer as you work on connected projects—even for private repositories,” the company states in a blog.

Eventually, the dependency graph will track when dependencies are open to public security vulnerabilities. The company will notify those affected and may suggest known security fixes.

Security alerts are the first in what we hope will be a robust collection of tools to keep your code safe, and we need people who build on our APIs to help us make them even better —and to keep security data current for the community,” the company says.

GitHub also revamped the way it allows users to discover and contribute to new projects.

Its news feed has been updated to include ‘discover repositories’ that show recommendations for open source projects tailored to users based on their own preferences and popular GitHub projects.

The ‘Explore’ experience has also been curated to show collections, topics and resources from contributors worldwide.

“Collections are hand-picked resources from the GitHub universe and beyond. Browse collections to learn about ideas that interest you, like machine learning or game development, and find repositories and organizations that help you dig deeper,” the company says.

“Topic pages help you find projects related to technologies, languages, frameworks, or platforms—thanks to the GitHub community’s topic tags. Use topic pages to find all Android or CSS projects for example, and suggest edits to topic pages in our public repository.”

GitHub will also be introducing premium support for GitHub Enterprise customers. It is also working on a new community forum, marketplace trial program and a team discussion tool.

In 2017, GitHub hosted 24 million developers; 67 million repositories and 1.3 million students learning on the platform, according to its Octoverse report.

GitHub Universe wraps up today in San Francisco.

Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Link image
Remote working remains a high-risk endeavour
A remote workforce needs phishing protection, automated incident response and security training to avoid the worst from happening. Here's how to get there.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More