Jump to content

Search the Community

Showing results for tags 'security alerts'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Sugestii
    • Linkuri
    • Cosul de gunoi
    • Cryptocurrency
  • Cumparaturi online's Topics
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Cumparaturi online's Test
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Web Development's Forum

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. GitHub's new service will help developers clean up vulnerable project dependencies. Devlopers can view the security alerts in the repository's dependency graph, which can be accessed from 'Insights'. Image: GitHub Development platform GitHub has launched a new service that searches project dependencies in JavaScript and Ruby for known vulnerabilities and then alerts project owners if it finds any. The new service aims to help developers update project dependencies as soon as GitHub becomes aware of a newly announced vulnerability. GitHub will identify all public repositories that use the affected version of the dependency. Projects under private repositories will need to opt into the vulnerability-detection service. The alerts should have a big impact on security, given that GitHub now hosts nearly 70 million repositories, with projects that rely on dependent software packages or software libraries that frequently do not get updated when new flaws are disclosed. The alerts form part of GitHub's so-called 'dependency graph', which helps developers monitor projects that their code depends on, and lists a project's various Ruby and JavaScript dependencies. Developers can view the security alerts in the repository's dependency graph, which can be accessed from 'Insights'. The alerts are only sent to project owners and others with admin access to repositories. The company promises never to publicly disclose vulnerabilities for a specific repository. Users can choose to receive the alerts by email, web notifications or the GitHub interface. GitHub's is also using machine learning to suggest fixes from the GitHub community. The alerts are based on public vulnerabilities in Ruby gems and NPM, the package manager for Node.js, on MITRE's Common Vulnerabilities and Exposures (CVE) List. GitHub will add Python to its vulnerability alert service in 2018. Python, Ruby, and JavaScript are among the top five languages on GitHub, along with Java and PHP. It appears the alerts will be limited to flaws with CVE IDs initially. However, as GitHub notes many publicly disclosed flaws don't have CVE IDs. It suggests future improvements will help it identify more vulnerabilities as it collects more data about them. Source: zdnet.com
×