GitHub has announced security alerts for developers are now available. The company first announced security alerts at the GitHub Universe conference last month. The new solution is designed to detect vulnerable dependencies, alert affected repositories, and suggest known fixes.
The security alerts are a part of the company’s recently announced dependency graph, which enables developers to keep track of packages and apps without having to leave their repository.
“Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in JavaScript and Ruby. Today, for the over 75 percent of GitHub projects that have dependencies, we’re helping you do more than see those important projects,” Miju Han, engineering manager of data science at GitHub, wrote in a post.
Security alerts will automatically be enabled for public repositories. Private repositories will need to opt in to security alerts through their repository settings. Admins will receive all security alerts by default. Admins can also use the dependency graph settings to have alerts go to additional team members or individuals, according to Han.
“When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion,” Han wrote.
The security alerts will include vulnerabilities with CVE IDs, and support JavaScript and Ruby. Going forward, the company will work on growing its security data to cover a wider range of vulnerabilities. Han revealed Python support is expected in 2018.
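To make the workflow concrete, here is an added example (not GitHub's code, and not a description of how its matching works internally) of the basic mechanism behind a dependency security alert: resolve the packages a project actually uses from its lock files, compare each resolved version against the vulnerable ranges published in advisories, and, where a patched release exists, suggest the nearest safe version. The package names, lock-file contents and advisory records are constructed for illustration, the CVE identifiers are placeholders, and the version comparison is a deliberately simplified semver (prerelease tags are ignored).

```javascript
"use strict";
// Added example: minimal vulnerable-dependency matching in the spirit of
// GitHub security alerts. All data below is constructed; CVE ids are placeholders.

// Parse "a.b.c" into numeric parts; prerelease suffixes are dropped (simplification).
function parseVersion(v) {
  return v.split("-")[0].split(".").map(Number);
}

// Returns -1, 0 or 1 like a sort comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A vulnerable range is [introduced, fixed); fixed === null means no fix is known yet.
function isAffected(version, range) {
  return compareVersions(version, range.introduced) >= 0 &&
         (range.fixed === null || compareVersions(version, range.fixed) < 0);
}

// Constructed advisory records (hypothetical package names, placeholder ids).
const ADVISORIES = [
  { id: "CVE-0000-0001 (placeholder)", ecosystem: "npm", package: "example-parser",
    ranges: [{ introduced: "0.0.0", fixed: "1.2.4" }, { introduced: "2.0.0", fixed: "2.0.2" }] },
  { id: "CVE-0000-0002 (placeholder)", ecosystem: "rubygems", package: "example-gem",
    ranges: [{ introduced: "3.0.0", fixed: null }] },
];

// Constructed lock-file contents standing in for a project's manifests.
const SAMPLE_PACKAGE_LOCK = JSON.stringify({
  name: "demo-app",
  dependencies: { "example-parser": { version: "1.2.3" }, "unaffected-lib": { version: "1.0.0" } },
});
const SAMPLE_GEMFILE_LOCK = [
  "GEM", "  remote: https://rubygems.org/", "  specs:",
  "    example-gem (3.1.0)", "    safe-gem (0.9.1)", "",
].join("\n");

// Resolved dependencies from a package-lock.json "dependencies" map.
function parseNpmLock(text) {
  const lock = JSON.parse(text);
  return Object.entries(lock.dependencies || {})
    .map(([name, info]) => ({ ecosystem: "npm", name, version: info.version }));
}

// Resolved gems from the indented "name (version)" lines of a Gemfile.lock specs block.
function parseGemfileLock(text) {
  const deps = [];
  for (const line of text.split("\n")) {
    const m = /^    ([A-Za-z0-9_.-]+) \(([0-9][0-9A-Za-z.-]*)\)$/.exec(line);
    if (m) deps.push({ ecosystem: "rubygems", name: m[1], version: m[2] });
  }
  return deps;
}

// Lowest fixed version above the current one that does not fall back into
// another vulnerable range of the same advisory; null when no safe version is known.
function suggestFix(adv, version) {
  const candidates = adv.ranges
    .map(r => r.fixed)
    .filter(f => f !== null && compareVersions(f, version) > 0)
    .filter(f => !adv.ranges.some(r => isAffected(f, r)))
    .sort(compareVersions);
  return candidates.length ? candidates[0] : null;
}

// Match every resolved dependency against the advisory data and build alerts.
function scan(deps) {
  const alerts = [];
  for (const dep of deps) {
    for (const adv of ADVISORIES) {
      if (adv.ecosystem !== dep.ecosystem || adv.package !== dep.name) continue;
      if (!adv.ranges.some(r => isAffected(dep.version, r))) continue;
      alerts.push({ package: dep.name, version: dep.version, advisory: adv.id,
                    suggestedFix: suggestFix(adv, dep.version) });
    }
  }
  return alerts;
}

function demo() {
  return scan([...parseNpmLock(SAMPLE_PACKAGE_LOCK), ...parseGemfileLock(SAMPLE_GEMFILE_LOCK)]);
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it reports two alerts: `example-parser` 1.2.3 with 1.2.4 as the suggested fix, and `example-gem` 3.1.0 with no suggested fix because the constructed advisory carries no fixed version, which mirrors the "if a known safe version exists" condition in Han's description. Real alert tooling replaces the toy comparator with a full semver implementation and the inline advisory list with a curated, regularly refreshed database.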