Story image

GitHub to boost security tracking for developers' projects

13 Oct 2017

GitHub has unveiled security improvements to its coding platform, which will allow developers to track which dependencies are associated with public security vulnerabilities.

The new plans were revealed at the annual GitHub Universe developer conference, which is taking place in San Francisco this week.

According to GitHub, software builders may rely on some of the millions of open source projects on the platform.

The company has now created a dependency graph that allows developers to track which other projects they are using in their work, and which of their projects other developers are using – all without leading their repositories.

“ Now, our data can help you manage increasingly complex dependencies and keep your code safer as you work on connected projects—even for private repositories,” the company states in a blog.

Eventually, the dependency graph will track when dependencies are open to public security vulnerabilities. The company will notify those affected and may suggest known security fixes.

Security alerts are the first in what we hope will be a robust collection of tools to keep your code safe, and we need people who build on our APIs to help us make them even better —and to keep security data current for the community,” the company says.

GitHub also revamped the way it allows users to discover and contribute to new projects.

Its news feed has been updated to include ‘discover repositories’ that show recommendations for open source projects tailored to users based on their own preferences and popular GitHub projects.

The ‘Explore’ experience has also been curated to show collections, topics and resources from contributors worldwide.

“Collections are hand-picked resources from the GitHub universe and beyond. Browse collections to learn about ideas that interest you, like machine learning or game development, and find repositories and organizations that help you dig deeper,” the company says.

“Topic pages help you find projects related to technologies, languages, frameworks, or platforms—thanks to the GitHub community’s topic tags. Use topic pages to find all Android or CSS projects for example, and suggest edits to topic pages in our public repository.”

GitHub will also be introducing premium support for GitHub Enterprise customers. It is also working on a new community forum, marketplace trial program and a team discussion tool.

In 2017, GitHub hosted 24 million developers; 67 million repositories and 1.3 million students learning on the platform, according to its Octoverse report.

GitHub Universe wraps up today in San Francisco.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.