This article was published on October 11, 2017

GitHub launches new tools to say when your project’s dependencies get pwned



GitHub today announced the introduction of more robust security features for its users, which will help developers identify vulnerable dependencies in their code.

The announcement came at the company’s flagship GitHub Universe conference, taking place at Pier 70 in San Francisco. The new feature, called Dependency Graph, enumerates the software libraries that constitute a project. This information is then visualized in a way that’s easy for developers to digest, giving them an accurate overview of their codebase.

GitHub intends to build upon this with Security Alerts, which will notify developers when vulnerabilities are discovered in libraries they use. This allows them to take immediate action, potentially preventing a severe compromise of security or a catastrophic data breach.


The company says, where possible, it will advise developers on appropriate steps to take in order to resolve the issue.

Dependency Graph launches today, with Security Alerts to follow soon. It supports both public and private repositories. Language support consists of Ruby and JavaScript, with Python to follow.
