GitHub is adding several services to its popular code-sharing site to help developers manage dependencies and improve security.
GitHub dependency graph service
With the dependency graph service, GitHub will use its own data to build a dependency graph that gives developers insight into both the projects their code depends on and the projects that depend on their code.
[ Also on InfoWorld: 19 open source GitHub projects for security pros. | Track the latest trends in open source with InfoWorld’s Open Source Report newsletter. ]
The essential features in the GitHub dependency graph service
The dependency graph relies on package managers to extract dependencies from dependency manifest files. Over time, GitHub will extend the dependency graph service to projects that do not have dependency manifests, but it still recommends that projects use a manifest file format so these dependencies can be found.
The graph will also be annotated with additional information about security, license, and operational risks.
Where to get the GitHub dependency graph service
The dependency graph is available now on GitHub.com for public and private repos. The dependency graph will come to GitHub Enterprise, a paid service for enterprises, in early 2018. (GitHub Enterprise can be run at GitHub’s site as a cloud service or installed locally on-premises, as desired.)
GitHub security alerts service
The GitHub security alerts service is the first of a set of planned security features for GitHub.
The essential features in the GitHub security alerts service
Security alerts will associate the dependency-tracking graph with public security vulnerabilities and provide alerts based on those connections, as well as alerts about some fixes available through GitHub.
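As an added illustration (not GitHub's own code) of the matching step the article describes: dependencies extracted from a manifest are looked up against a list of public advisories, and an alert is raised for each dependency whose pinned version falls in a vulnerable range. The manifest, the advisory feed and the advisory identifiers are constructed for this example.

```python
# Added example: manifest-driven dependency graph matched against advisories.
import re

# Constructed requirements.txt-style manifest (pinned versions only).
MANIFEST = """\
# constructed sample manifest
requests==2.17.0
flask==0.12.2
pyyaml==3.11
"""

# Constructed advisory feed: a package is vulnerable if min <= version < fixed.
ADVISORIES = [
    {"id": "ADV-0001", "package": "requests", "min": "2.0.0", "fixed": "2.20.0"},
    {"id": "ADV-0002", "package": "pyyaml", "min": "0", "fixed": "4.1"},
    {"id": "ADV-0003", "package": "django", "min": "1.0", "fixed": "1.11.5"},
]

def parse_version(v):
    """Turn '2.17.0' into (2, 17, 0) so versions compare numerically, not as text."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_manifest(text):
    """Build the dependency graph edges (name -> pinned version) from a manifest."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        m = re.match(r"^([A-Za-z0-9_.-]+)==([0-9][0-9.]*)$", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps

def security_alerts(deps, advisories):
    """Associate each dependency with the public advisories that cover its version."""
    alerts = []
    for adv in advisories:
        ver = deps.get(adv["package"].lower())
        if ver is None:
            continue  # not in this project's dependency graph
        v = parse_version(ver)
        if parse_version(adv["min"]) <= v < parse_version(adv["fixed"]):
            alerts.append({"package": adv["package"], "installed": ver,
                           "advisory": adv["id"], "fixed_in": adv["fixed"]})
    return alerts

if __name__ == "__main__":
    for a in security_alerts(parse_manifest(MANIFEST), ADVISORIES):
        print(f"{a['package']}=={a['installed']}: {a['advisory']}, fixed in {a['fixed_in']}")
```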
Where to get the GitHub security alerts service
The security alerts service will come “soon” to GitHub.com for public and private repos. It will come to GitHub Enterprise in early 2018.