Developers can see security alerts on your repositories as dependency graph support rolls out. When there’s a published vulnerability on any of the Composer dependencies that projects lists in composer.json and composer.lock files, GitHub will send an alert including email or web notifications, depending on user’s preferences.
Read also: Rocke’s new cyberminer removes competitors and uses GitHub to communicate with C2
Secondly, Microsoft acquired the Semmle code analysis tool (the amount of the transaction was not disclosed). It is planned to integrate it with GitHub over time and then use it to improve the vulnerability scanning process. Recall that by now Semmle is already used by Google, Uber, NASA and Microsoft and many other open source projects.
“Semmle QL benefits both developers and maintainers. It has a library of thousands of queries, all open source, that have been defined by some of the industry’s best security researchers”, — reported in GitHub.
Thirdly, this week GitHub completed certification as a CVE Numbering Authority, that is, now the company will be able independently assign CVE identifiers to vulnerabilities.
“We believe that fast, unfettered movement of vulnerability data is critical to improving software security. This is why we’re excited to share that GitHub has been approved as a CVE Numbering Authority for open source projects. We’ll be able to issue CVEs for security advisories opened on GitHub, allowing for even broader awareness across the industry”, — reported GitHub specialists.
GitHub’s authority will extend only to open source projects hosted on the platform, but this means that vulnerabilities in the bug tracker will receive CVE identifiers much faster, since project owners will be able to request a CVE from GitHub, bypassing the time-consuming process of contacting and approving the bug in MITRE.
About Adblockelite.xyz Adblockelite.xyz pop-ups can not open out of nowhere. If you have clicked some…
About Appcloud-center.com Appcloud-center.com pop-ups can not open out of nowhere. If you have actually clicked…
About Groopheetex.com Groopheetex.com pop-ups can not expose out of nowhere. If you have clicked on…
About Vidstreambox.com Vidstreambox.com pop-ups can not expose out of the blue. If you have actually…
About Mac-uptodate.com Mac-uptodate.com pop-ups can not introduce out of the blue. If you have actually…
About Taffetlervers.com Taffetlervers.com pop-ups can not expose out of the blue. If you have clicked…