Bleeping Computer

Github Will Warn Developers About Vulnerable Dependencies in Their Projects

GitHub — the Internet largest code hosting service — is rolling out a new security feature through which it hopes to reduce the number of vulnerable projects hosted and distributed through its ...
ZDNet

GitHub rolls out dependency review, vulnerability alerts for pull requests

GitHub will roll out dependency review, a security assessment for pull requests, in the coming weeks to developers. SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover ...
Bleeping Computer

GitHub can now alert of supply-chain bugs in new dependencies

GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. This is achieved by adding the new Dependency Review GitHub Action ...
InfoQ

GitHub Introduces Dependency Graph and Security Alerts

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
ZDNet

GitHub: Our dependency scan has found four million security flaws in public repos

GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total ...
adtmag.com

GitHub Intros Dependency Graphs, Security Alerts Coming Soon

GitHub is boosting the security capabilities of its software development platform, introducing a new open source project dependency graphs and promising alerts when bad actors show up in those graphs.