GitHub Adds Python for Security Alerts

Tuesday, July 17, 2018 @ 05:07 PM gHale

GitHub added Python to the system that scans repositories' dependencies for known security vulnerabilities.

Python is the third language covered by the system, which launched last year with Ruby and JavaScript.


With this update, the largest code repository platform, which is currently in the process of being acquired by Microsoft for $7.5 billion, can look into Python code published by developers and issue notifications for known security vulnerabilities.

“We’re pleased to announce that we’ve shipped Python support. As of this week, Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities,” GitHub officials said.

This new feature will be introduced gradually, and at this point, only a few recent vulnerabilities are supported, though Microsoft said more known issues would be added over the coming weeks.

“Going forward, we will continue to monitor the NVD feed and other sources, and will send alerts on any newly disclosed vulnerabilities in Python packages,” GitHub said.

Developers can access the dependency graph to receive security alerts if their repositories depend on packages that GitHub has labeled as vulnerable.

“Public repositories will automatically have your dependency graph and security alerts enabled. For private repositories, you’ll need to opt in to security alerts in your repository settings or by allowing access in the dependency graph section of your repository’s ‘Insights’ tab,” GitHub said.

According to official data, this vulnerability alert system has already discovered four million vulnerabilities in 500,000 Ruby and JavaScript repositories since its debut last year, and GitHub expects the number to continue to grow.
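As an added illustration of the kind of check such an alert system performs (example code written for this page, not GitHub's implementation), the script below reads exact pins from a requirements.txt and matches them against advisory records that carry an affected version range. The package names, versions and advisory identifiers are constructed for the example.

```python
import re

# Constructed advisory records (hypothetical packages, not real CVEs).
# Each record says which versions are affected: introduced <= version < fixed.
ADVISORIES = [
    {"package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2",
     "id": "EXAMPLE-ADVISORY-0001"},
    {"package": "samplehttp", "introduced": "0.0.0", "fixed": "2.1.0",
     "id": "EXAMPLE-ADVISORY-0002"},
]

# Constructed requirements file; one pin is affected, one is already fixed,
# and one has no advisory at all.
REQUIREMENTS_TXT = """\
# constructed requirements file
examplelib==1.3.0
samplehttp==2.1.0
othertool==0.9.1   # pinned, no advisory
"""


def parse_version(version):
    """Simplified dotted-integer comparison; real tooling should use PEP 440."""
    return tuple(int(part) for part in version.split("."))


def parse_requirements(text):
    """Return {package: version} for exact '==' pins; comments and unpinned
    lines are skipped (a full dependency graph would resolve those too)."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)$", line)
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def find_alerts(pins, advisories=ADVISORIES):
    """Return (package, pinned_version, advisory_id) for every affected pin."""
    alerts = []
    for adv in advisories:
        pinned = pins.get(adv["package"])
        if pinned is None:
            continue
        version = parse_version(pinned)
        if parse_version(adv["introduced"]) <= version < parse_version(adv["fixed"]):
            alerts.append((adv["package"], pinned, adv["id"]))
    return alerts


if __name__ == "__main__":
    for package, version, advisory_id in find_alerts(parse_requirements(REQUIREMENTS_TXT)):
        print(f"ALERT {advisory_id}: {package}=={version} is in the affected range")
```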
