More than 4 million vulnerabilities detected by GitHub Security Alerts

More than 4 million vulnerabilities detected by GitHub Security Alerts

According to GitHub, security warnings launched in last October greatly reduced the time for developers to eliminate Ruby and JavaScript project vulnerabilities.

When a public vulnerability list is detected in their library, the GitHub security alert notifies the database administrator. This is an important reminder for them that they can quickly respond, fix vulnerabilities, eliminate the dependency on vulnerabilities, or switch to a secure version.

According to GitHub, nearly half of all warnings are responded within a week, and the vulnerability resolution rate in the previous seven days is about 30%. According to GitHub, the actual situation may be better, because when the statistics are restricted to the libraries that have contributed recently, that is, the libraries that have contributed in the past 90 days, 98% of libraries were patched within 7 days. In general, GitHub Security Alerts have reported more than 0.5 million vulnerabilities in more than 4 million databases.

GitHub security alerts scan all public libraries to find vulnerabilities. For private libraries, only dependency graphs are enabled. For each vulnerability detected, the database administrator not only receives general information, but also contains severity levels and solutions. If you do not know the Security version of a specific dependency, GitHub will try to recommend a similar and secure dependency to replace insecure libraries.

Security notifications can be sent in several ways: a warning is displayed, along with other notifications or by email. In addition to sending an email each time you discover a vulnerability, GitHub recently released a weekly summary email, which summarizes the vulnerability warnings for up to 10 databases.

As mentioned above, security warnings currently only support libraries written in Ruby or JavaScript. Python is expected to be supported in 2018.

GitHub Tutorials:

Create a personal technical blog via GitHub

GitHub tutorials

Use Webhooks of GitHub/GitLab for automated website deployment

SSH key switching for multiple GitHub accounts

How to use two GitHub accounts on the same computer

Build a Maven repository on GitHub

Get to know GitHub in one minute

Share practical GitHub tutorials

GitHub User Guide

Getting started with GitHub

GitHub details: click here
GitHub: click here

GitHub Security Alerts Detected Over Four Millions Vulnerabilities

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151622.htm