GitHub smart security alerts: know of vulnerabilities in your projects
Plenty of developers pull third-party projects into their GitHub repositories and can suffer dire consequences when vulnerabilities are discovered in those dependencies. Meet the security alerts!
Leveraging the benefits of GitHub security alerts
Security alerts can be enabled for all types of projects (both private and public) to keep the right team members informed at once.
The process of enabling and configuring the smart alerts is as follows:
- Enable the dependency graph notifications for your project. For public projects this is enabled from the get-go; for private ones the feature has to be activated either in the repository settings or in the corresponding menu item of the Insights tab.
- Configure the notification recipient lists. Repository admins are emailed all alerts by default and can add multiple teams and/or individuals as recipients for particular kinds of notifications in the dependency graph configuration section.
- Choose the right alert response. Knowing about a vulnerability is good; being able to fix it at once is much better. The GitHub smart security alerts include both the list of vulnerable dependencies that need to be updated and a list of proposed stable and secure versions for each case (where any are available). This list is composed using the GitHub team's machine learning algorithms and the publicly available data on the topic.
The feature relies on CVE IDs taken from the National Vulnerability Database, and not every publicly described vulnerability has one as of today. As the security data troves grow, however, more and more GitHub projects will be covered by the feature.
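To make concrete what such an alert is built from, here is an added example (not GitHub's own code or data) of the core matching step: pinned dependencies from a manifest are compared against a small advisory list keyed by CVE ID with affected version ranges, and each match is reported together with the first patched version. The manifest, the package names and the CVE identifiers (`CVE-0000-000x`) are constructed placeholders, and the semantic-version handling is deliberately simplified to dotted integers.

```python
"""Minimal dependency-vs-advisory matcher (added example, constructed data)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    """One vulnerability record, shaped after an NVD-style entry."""
    cve_id: str
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first patched version (exclusive upper bound)


# Constructed advisory list; the CVE IDs are placeholders, not real records.
ADVISORIES = [
    Advisory("CVE-0000-0001", "leftfoo", "1.0.0", "1.4.3"),
    Advisory("CVE-0000-0002", "barlib", "1.0.0", "2.0.0"),
    Advisory("CVE-0000-0003", "bazkit", "3.0.0", "3.2.0"),
    Advisory("CVE-0000-0004", "quxpkg", "0.1.0", "0.9.0"),
]

# Constructed pip-style manifest with exact pins.
SAMPLE_MANIFEST = """
# constructed sample requirements file
leftfoo==1.4.2
barlib==2.0.0      # already on the first fixed release
bazkit==3.1.0
"""


def parse_version(text: str) -> tuple:
    """Turn 'a.b.c' into a zero-padded integer tuple so tuples compare sanely."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str, advisory: Advisory) -> bool:
    """Affected when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(advisory.introduced) <= v < parse_version(advisory.fixed)


def parse_manifest(text: str) -> dict:
    """Parse 'name==x.y.z' lines; comments and blank lines are ignored."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)", line)
        if not m:
            raise ValueError(f"unsupported requirement line: {raw!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def find_vulnerable(deps: dict, advisories) -> list:
    """Return one alert per (package, CVE) whose pinned version is in range."""
    alerts = []
    for adv in advisories:
        pinned = deps.get(adv.package.lower())
        if pinned is not None and is_affected(pinned, adv):
            alerts.append({
                "package": adv.package,
                "pinned": pinned,
                "cve": adv.cve_id,
                "fix": adv.fixed,  # the proposed secure version
            })
    return sorted(alerts, key=lambda a: (a["package"], a["cve"]))


def render_alerts(alerts: list) -> str:
    """Human-readable digest in the spirit of the alert email."""
    if not alerts:
        return "No known vulnerable dependencies."
    lines = [f"{len(alerts)} vulnerable dependenc{'y' if len(alerts) == 1 else 'ies'} found:"]
    for a in alerts:
        lines.append(f"  {a['package']}=={a['pinned']}  ({a['cve']})  -> upgrade to {a['fix']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_alerts(find_vulnerable(parse_manifest(SAMPLE_MANIFEST), ADVISORIES)))
```

The `barlib` pin sits exactly on the first fixed release and is correctly not flagged, which is the boundary an exclusive `fixed` bound exists for; a real matcher additionally needs proper semantic-version parsing (pre-release tags, ranges rather than exact pins) and transitive dependencies, which the dependency graph resolves for you.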
Stay in touch to receive the latest updates from the IT industry world and share this article if you found the news as awesome as we do!
Feel free to browse through the latest insights and hints on DevOps, Big Data, Machine Learning and Blockchain from IT Svit!