GitHub smart security alerts: know of vulnerabilities in your projects
Plenty of developers use third-party projects in their GitHub projects and can suffer dire consequences when security vulnerabilities are found in those dependencies. Meet the security alerts!
Leveraging the benefits of GitHub security alerts
Security alerts can be enabled for all types of projects (both private and public) to keep the right team members informed at once.
The process of enabling and configuring the smart alerts is as follows:
- Enable the dependency graph notifications for your project. For public projects this is enabled from the get-go, while for private ones the feature has to be activated either in the settings of the repository or in the corresponding menu item of the Insights tab.
- Configure the notification recipient lists. Repo admins are emailed all alerts by default and can add multiple teams and/or individuals as recipients for certain kinds of notifications in the dependency graph configuration section.
- Choose the right alert response. Knowing of the vulnerability is good, but being able to fix it at once is much better. The GitHub smart security alerts include both the list of vulnerable dependencies that need to be updated and a list of proposed stable and secure solutions for each case (if any are available). This list is composed using the GitHub team’s machine learning algorithms and the publicly available data on the topic.
This feature relies on CVE IDs taken from the list at the National Vulnerability Database, yet not all publicly described vulnerabilities have a CVE ID as of today. However, as the troves of security data grow, more and more GitHub projects will be covered by the feature.
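Because private repositories need the alerts switched on by hand, it is worth auditing which ones were missed. The sketch below is an added example, not code from GitHub or from this article. It assumes the GitHub REST endpoint `GET /repos/{owner}/{repo}/vulnerability-alerts` (204 when alerts are enabled, 404 when they are not), which the article does not mention, and the repository names are constructed.

```python
import urllib.error
import urllib.request

API = "https://api.github.com"


def alerts_status(full_name, token, opener=urllib.request.urlopen):
    """HTTP status of GET /repos/{owner}/{repo}/vulnerability-alerts.

    204 = alerts enabled, 404 = disabled (or repo not visible to the token).
    """
    req = urllib.request.Request(
        f"{API}/repos/{full_name}/vulnerability-alerts",
        headers={"Accept": "application/vnd.github+json",
                 "Authorization": f"Bearer {token}"},
    )
    try:
        with opener(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(repos, status_of):
    """Sort repositories by alert state.

    repos: dicts with "full_name" and "private" (shape assumed for this example).
    status_of: callable mapping a full_name to an HTTP status code.
    """
    report = {"enabled": [], "disabled": [], "unknown": []}
    for repo in repos:
        code = status_of(repo["full_name"])
        bucket = {204: "enabled", 404: "disabled"}.get(code, "unknown")
        report[bucket].append(repo["full_name"])  # unknown: 401/403, rate limit
    # Private repos with alerts off are the ones that need manual activation.
    report["private_disabled"] = [
        r["full_name"] for r in repos
        if r["private"] and r["full_name"] in report["disabled"]
    ]
    return report


if __name__ == "__main__":
    # Constructed sample so the script runs offline; for a live audit pass
    # status_of=lambda name: alerts_status(name, token) instead.
    sample = [{"full_name": "example-org/website", "private": False},
              {"full_name": "example-org/billing", "private": True}]
    canned = {"example-org/website": 204, "example-org/billing": 404}
    print(audit(sample, canned.get))
```

A 404 is also returned when the token cannot see the repository, so run the audit with a token that has access to every repository on the list.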