
GitHub launches security alerts for Python

Yes. We went there.

RECENT MICROSOFT ACQUISITION GitHub is continuing to plough its own furrow and has recently announced some new features to enhance security.

Just launched is a security alerts feature for Python, one of the most popular languages in the world, which recently lost its Benevolent Dictator. It joins similar tools for Ruby and JavaScript.

Initially, the tool will detect “a few, recent vulnerabilities”, says Robert Schultheis, Quality Engineer at GitHub, in a blog post.

“As of this week, Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities.”

“Over the coming weeks, we will be adding more historical Python vulnerabilities to our database. Going forward, we will continue to monitor the NVD feed and other sources, and will send alerts on any newly disclosed vulnerabilities in Python packages.”

The Ruby and JavaScript tools have proved a huge success, with many patches… well… patched within seven days, thanks to an alert being displayed in the administrator’s dashboard. It’s estimated to have blocked 500,000 nasties in its first six months.

Public repositories are already live (as long as you have a requirements.txt or Pipfile.lock file in your repository to help the system find it).

Private repositories are a bit more complex and require admins to “opt in to security alerts in your repository settings or by allowing access in the dependency graph section of your repository’s ‘Insights’ tab”.

Additionally, you can go to the Alerts tab in settings and select who should get the alerts in the first place, as well as how often, which takes a bit of pressure off the admin, who receives them by default.

GitHub has promised to stay true to its independent, open source roots, despite taking the mighty dollar of Microsoft for $2.1bn last month. μ 

Source : Inquirer

Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.
