GitHub launches security alerts for Python




Recent Microsoft acquisition GitHub continues to plow its own path and has recently announced new features to improve security.

It has just launched a security alerts feature for Python, one of the world's most popular languages, which recently lost its benevolent dictator. It joins similar tools for Ruby and JavaScript.

Initially, the tool will detect "some recent vulnerabilities," says Robert Schultheis, Quality Engineer at GitHub, in a blog post:

"Since this week, Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities."

"In the coming weeks, we'll add other Python historical vulnerabilities to our database. ... NVD and other sources, and will send alerts on newly revealed vulnerabilities in Python packages."

The Ruby and JavaScript tools have been hugely successful, with many fixes ... well ... fixed within seven days, thanks to an alert being displayed in the administrator's dashboard. It is estimated that it stuck it to 500,000 bad guys in its first six months.

Public repositories are already covered (as long as you have a requirements.txt or Pipfile.lock file in your repository to help the system find your dependencies).

Private repositories are a bit more complex and require administrators to "opt for security alerts in your repository settings or allow access to them in the dependency graphs section of the repository's 'Insights' tab."

in the settings and select who should receive the alerts in the first place, as well as the frequency, which takes a little pressure off the administrator, who receives them by default.

GitHub promised to remain true to its independent, open source roots, despite taking Microsoft's mighty dollar for $2.1 billion last month.
