GitHub has announced security alerts for developers are now available. The company first announced security alerts at the GitHub Universe conference last month. The new solution is designed to detect vulnerable dependencies, alert affected repositories, and suggest known fixes.
The security alerts are a part of the company’s recently announced dependency graph, which enables developers to keep track of packages and apps without having to leave their repository.
Security alerts will automatically be enabled for public repositories. Private repositories will need to opt in to security alerts through their repository settings. Admins will receive any security alerts by default. Admins can also use the dependency graph settings to have alerts go to additional team members or individuals, according to Han.
“When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion,” Han wrote.
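The detection-and-suggestion step described above, as an added example rather than GitHub's own code: a dependency manifest is matched against an advisory list, and for each affected package the lowest known patched version is suggested, or no suggestion when no safe version is known. The advisories, version ranges and manifest are constructed sample data, not real vulnerability records.

```python
# Added example (not GitHub's implementation): matching a dependency manifest
# against a constructed advisory list and suggesting the lowest patched version.
from dataclasses import dataclass, field


def parse_version(v):
    """Turn '4.17.11' into (4, 17, 11) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Advisory:
    package: str
    vulnerable_below: str            # every version strictly below this is affected
    patched: list = field(default_factory=list)  # known safe versions, may be empty


# Constructed sample advisories; the packages and ranges are illustrative only.
ADVISORIES = [
    Advisory("lodash", "4.17.11", ["4.17.12", "4.17.11"]),
    Advisory("express", "4.16.0", ["4.16.0", "4.16.4"]),
    Advisory("debug", "2.6.10", []),   # no known safe version yet
]


def audit(dependencies, advisories=ADVISORIES):
    """Return {package: (current, suggested)} for each vulnerable dependency.

    dependencies: {"name": "x.y.z"} as read from a manifest or lockfile.
    suggested is the lowest known patched version, or None when none exists.
    """
    alerts = {}
    for adv in advisories:
        current = dependencies.get(adv.package)
        if current is None:
            continue
        if parse_version(current) < parse_version(adv.vulnerable_below):
            safe = sorted(adv.patched, key=parse_version)
            alerts[adv.package] = (current, safe[0] if safe else None)
    return alerts


# Constructed manifest resembling the "dependencies" map of a package.json.
MANIFEST = {"lodash": "4.17.4", "express": "4.16.4", "debug": "2.6.9"}

if __name__ == "__main__":
    for pkg, (cur, fix) in audit(MANIFEST).items():
        print(f"{pkg} {cur} is affected; suggested update: {fix or 'none known'}")
```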