GitHub smart security alerts: know of vulnerabilities in your projects
Plenty of developers use third-party projects in their GitHub projects and might suffer dire consequences when security vulnerabilities are found in these dependencies. Meet the security alerts!
Leveraging the benefits of GitHub security alerts
Security alerts can be enabled for all types of projects (both private and public) to keep the right team members informed at once.
The process of enabling and configuring the smart alerts is as follows:
- Enable dependency graph notifications for your project. For public projects this is enabled from the get-go, while for private ones the feature should be activated either in the settings of the repository or in the corresponding menu item of the Insights tab.
- Configure the notification recipient lists. Repo admins are emailed all alerts by default and can add multiple teams and/or individuals as recipients for certain kinds of notifications in the dependency graph configuration section.
- Choose the right alert response. Knowing of the vulnerability is good; being able to fix it at once is much better. The GitHub smart security alerts will include both the list of the vulnerable dependencies that need to be updated and a list of proposed stable and secure solutions for each case (if any are available). This list will be composed based on the GitHub team’s machine learning algorithms and the publicly available data on the topic.
This feature is based on CVE IDs taken from the list at the National Vulnerability Database, yet not all publicly described vulnerabilities have CVE IDs as of today. However, as the security data troves grow, more and more GitHub projects will be covered by the feature.