

This article was published on October 11, 2017


    GitHub launches new tools to say when your project’s dependencies get pwned

    Story by Matthew Hughes

    Former TNW Reporter

    Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

    GitHub today announced the introduction of more robust security features for its users, which will help developers identify vulnerable dependencies in their code.

    The announcement came at the company’s flagship GitHub Universe conference, taking place at Pier 70 in San Francisco. The new feature, called Dependency Graph, enumerates the software libraries that constitute a project. This information is then visualized in a way that’s easy for developers to digest, giving them an accurate overview of their codebase.

    GitHub intends to build upon this with Security Alerts, which will alert developers when vulnerabilities are discovered in libraries they use. This allows them to take immediate action, potentially preventing a severe compromise of security, or a catastrophic data breach.

    The company says, where possible, it will advise developers on appropriate steps to take in order to resolve the issue.

    Dependency Graph launches today, with Security Alerts to follow soon. It supports both public and private repositories. Language support consists of Ruby and JavaScript, with Python to follow.