GitHub smart security alerts: know of vulnerabilities in your projects
A plenty of developers use third-party projects in their GitHub projects and might suffer dire consequences when possible security breaches in these dependencies are found. Meet the security alerts!
Leveraging the benefits of GitHub security alerts
Security alerts can be enabled for all types of projects (both private and public) to keep the right team members informed at once.
The process of enabling and configuring the smart alerts is as follows:
- Enable the dependency graph notifications for your project. For the public projects, this is enabled from the get-go, while for the private ones the feature should be activated either in the settings of the repository or in the corresponding menu item of the Insights tab.
- Configure the notification recipient lists. The repo admins will be emailed with all alerts by default and can add multiple teams and/or individuals to be the recipients for certain kinds of notifications in the dependency graph configuration section.
- Choose the right alert response. Knowing of the vulnerability is good, being able to fix it at once is much better. The GitHub smart security alerts will include both the list of the vulnerable dependencies that need to be updated and a list of proposed stable and secure solutions for each case (if any are available). This list will be composed based on the GitHub team’s machine learning algorithms in place and the publicly available data on the topic.
This feature is based on using CVE IDs taken from the list at National Vulnerability Database, yet not all publicly described vulnerabilities have those as of today. However, as the security data troves will increase, more and more GitHub projects will be covered by the feature.
Stay in touch to receive the latest updates from the IT industry world and share this article if you found the news as awesome as we do!
Feel free to browse through the latest insights and hints on the DevOps, Big Data, Machine Learning and Blockchain from IT Svit!
Outsourced backend development for a Tokyo-based dating app
Reliable and efficient back-end development is essential for ensuring the whole project success. A Tokyo-based IT Svit customer is very glad he chose IT Svit for delivering these services.
What is DevOps: DevOps services in a nutshell
As different people have a different experience with DevOps services, they have different explanations and definitions of what is DevOps. Below we describe DevOps services in a nutshell.
How to increase the IT infrastructure efficiency in 3 months
One of the most daunting and pressing tasks for any company is the continuous push for improvement of their IT infrastructure. We describe how to increase the IT infrastructure efficiency in 3 months.