
GitHub Adds Python Security Alerts to Reduce Vulnerable Projects

GitHub has been known to support JavaScript and Ruby by providing security alerts, and now the same becomes valid for Python. In other words, GitHub has updated its security alerts feature by adding support for Python projects.

This relatively new security feature was introduced last year, in November, with the aim of reducing the number of vulnerable projects hosted on the infamous code platform. The security feature has no particular name, but it is part of a feature called Dependency Graph, which sits in the Insights tab of GitHub projects.

The purpose of the graph is to display a tree-like view of the libraries a project depends on. This view is built from the manifest files included in each project.

“We’re pleased to announce that we’ve shipped Python support. As of this week, Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities”, GitHub wrote.

Over the coming weeks, GitHub will be adding more historical Python vulnerabilities to their database, and will continue to monitor the NVD feed and other sources, to send out alerts on any newly disclosed vulnerabilities in Python packages.

How to Enable Python Security Alerts on GitHub

The very first step is to ensure that you have checked in a requirements.txt or Pipfile.lock file within repositories that contain Python code.


Public repositories will automatically have your dependency graph and security alerts enabled, GitHub explained. For private repositories, users will have to opt in to security alerts in their repository settings, or allow access in the dependency graph section of the repository’s “Insights” tab.

Finally, when vulnerability alerts are enabled, admins will receive security alerts by default. Admins can also add teams or individuals as recipients for security alerts by entering their repository’s settings page and navigating to the “Alerts” tab.

There is also the option to configure the kind or frequency of notifications by navigating to your profile’s notification settings page and selecting your preferred choice.
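To make concrete what the dependency graph does with the requirements.txt or Pipfile.lock you check in, here is a small, self-contained illustration of the matching step: parse the pinned versions out of both manifest formats, then compare each pin against an advisory list that records the first fixed version. This is an added example and not GitHub's code; the manifests, the acme-* package names, the EXAMPLE-* advisory ids and the version ranges are all constructed for the demonstration. It also shows two details that matter in practice: package names must be normalized (case, hyphen and underscore differences) before matching, and an unpinned requirement such as `acme-web>=0.12` has no single version to compare, so it produces no alert.

```python
import json
import re

# Constructed manifest in requirements.txt format (not from any real project).
REQUIREMENTS_TXT = """\
# pinned dependencies
Acme_HTTP==2.18.4      # name case/underscore differ from the advisory entry
acme-yaml==3.12
acme-web>=0.12         # not pinned: no single version to compare
acme-db == 2.0.5
"""

# Constructed Pipfile.lock fragment; the same packages, now at fixed versions.
PIPFILE_LOCK = json.dumps({
    "default": {
        "acme-http": {"version": "==2.20.0"},
        "acme-yaml": {"version": "==5.1"},
    }
})

# Constructed advisory list with placeholder ids; "fixed_in" is the first safe version.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "acme-http", "fixed_in": "2.20.0"},
    {"id": "EXAMPLE-0002", "package": "Acme_YAML", "fixed_in": "5.1"},
    {"id": "EXAMPLE-0003", "package": "acme-db", "fixed_in": "2.0.3"},
]

# Matches "name == version" pins only; other specifiers are deliberately skipped.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;#]*)")


def normalize(name):
    """PEP 503 name normalization: case-insensitive, '-', '_' and '.' treated alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Turn '2.18.4' into (2, 18, 4) for ordering; trailing zeros are dropped so
    '2.20.0' and '2.20' compare equal. Non-numeric suffixes are ignored."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_requirements(text):
    """Return {normalized_name: version} for '==' pins; comments and unpinned lines are skipped."""
    pinned = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        match = PIN_RE.match(line)
        if match:
            pinned[normalize(match.group(1))] = match.group(2)
    return pinned


def parse_pipfile_lock(text):
    """Return {normalized_name: version} from the default and develop sections of a Pipfile.lock."""
    data = json.loads(text)
    pinned = {}
    for section in ("default", "develop"):
        for name, spec in data.get(section, {}).items():
            version = spec.get("version", "")
            if version.startswith("=="):
                pinned[normalize(name)] = version[2:]
    return pinned


def find_alerts(pinned, advisories=ADVISORIES):
    """Return sorted (advisory id, package, version) for every pin below its advisory's fixed version."""
    alerts = []
    for advisory in advisories:
        package = normalize(advisory["package"])
        version = pinned.get(package)
        if version is not None and version_key(version) < version_key(advisory["fixed_in"]):
            alerts.append((advisory["id"], package, version))
    return sorted(alerts)


if __name__ == "__main__":
    for label, text, parser in (("requirements.txt", REQUIREMENTS_TXT, parse_requirements),
                                ("Pipfile.lock", PIPFILE_LOCK, parse_pipfile_lock)):
        alerts = find_alerts(parser(text))
        print(f"{label}: {len(alerts)} alert(s)")
        for advisory_id, package, version in alerts:
            print(f"  {advisory_id}: {package}=={version} is below the fixed version")
```

Run as-is, the requirements.txt produces two alerts (acme-http and acme-yaml are below their fixed versions, acme-db is already past its fix, acme-web is unpinned) and the Pipfile.lock, which pins the fixed versions, produces none. A real advisory feed would carry explicit affected ranges rather than a single fixed version, but the normalize-then-compare flow is the same.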

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
