This article was published on November 17, 2017

GitHub will now alert you of security flaws in your project dependencies


If you’re working with dependencies on your GitHub-hosted projects, you’ll be happy to know that the repo platform will now alert you about vulnerabilities in things like React, so you’re aware of security flaws that might harm your site or app.

The company says its new feature will also point you to fixes suggested by the GitHub community, so you can sort out these issues and keep your project running smoothly.

It’s currently supported only for JavaScript and Ruby dependencies, and GitHub promises to add Python support next year.

To turn it on, you’ll need to enable your dependency graph (it’s automatically turned on for public repositories), either by opting in under the repo’s settings or by opening the Insights tab and granting access there.

That’s good news for folks who want to keep their projects in top shape, but can’t yet afford or be bothered with third-party security tools like Gemnasium or Snyk (whose paid plans start at $50 and $99 a month, respectively).
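To make concrete what an alert like the one described above is actually checking, here is an added example (not GitHub's code, nor taken from the original article) of the core step: reading the exact versions pinned in a lockfile and matching them against a list of known-vulnerable version ranges. The lockfile contents, the advisory entries and the package names are all constructed for illustration; real alerts draw on GitHub's own advisory data and the project's real dependency graph.

```javascript
// Added example: a minimal local version of a dependency-vulnerability check.
// It mirrors the idea behind GitHub's dependency-graph alerts: every pinned
// dependency version is compared against known-vulnerable version ranges.
// The sample lockfile and the advisory list below are CONSTRUCTED placeholders.

// Constructed sample: the flattened "dependencies" section of a package-lock.json.
const SAMPLE_LOCKFILE = {
  name: "example-app",
  dependencies: {
    "left-pad-ish": { version: "1.1.3" },
    "some-parser": { version: "2.4.0" },
    "safe-lib": { version: "3.0.1" },
  },
};

// Constructed advisory list: package name, vulnerable range, first fixed version.
const ADVISORIES = [
  { pkg: "left-pad-ish", range: ">=1.0.0 <1.2.0", patched: "1.2.0", summary: "placeholder: input validation bug" },
  { pkg: "some-parser", range: "<3.0.0", patched: "3.0.0", summary: "placeholder: prototype pollution" },
];

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release and build tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// A range is a space-separated conjunction of comparators, e.g. ">=1.0.0 <1.2.0".
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(clause);
    if (!m) throw new Error(`unsupported range clause: ${clause}`);
    const op = m[1] || "=";
    const c = compareVersions(version, m[2]);
    switch (op) {
      case "<": return c < 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case ">=": return c >= 0;
      default: return c === 0;
    }
  });
}

// Walk the lockfile and return one alert per dependency whose pinned version
// falls inside an advisory's vulnerable range.
function findVulnerableDependencies(lockfile, advisories) {
  const alerts = [];
  for (const [name, entry] of Object.entries(lockfile.dependencies || {})) {
    for (const adv of advisories) {
      if (adv.pkg === name && satisfies(entry.version, adv.range)) {
        alerts.push({ pkg: name, installed: entry.version, patched: adv.patched, summary: adv.summary });
      }
    }
  }
  return alerts;
}

// Stand-alone usage: print the alerts for the constructed lockfile.
for (const a of findVulnerableDependencies(SAMPLE_LOCKFILE, ADVISORIES)) {
  console.log(`${a.pkg}@${a.installed}: ${a.summary}; upgrade to >=${a.patched}`);
}
```

The useful property is that the check runs on the exact versions a lockfile resolves to, not on the loose ranges declared in package.json, which is why a project with `^1.0.0` declared can still be flagged: what matters is which version is actually installed.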
