Good news for Python developers: GitHub adds security vulnerability alerts for Python

Source: Internet
Author: User

In 2017, GitHub began providing security vulnerability checks and alerts for the code repositories and their dependencies hosted on its site, initially supporting only Ruby and JavaScript projects. According to official GitHub figures, GitHub has so far issued security alerts for more than 4 million vulnerabilities across 500,000 repositories. GitHub's statistics also show that developers actively respond to these alerts: about half of the alerts receive a response within a week, and one third of the vulnerabilities are resolved within a week.

The good news is that GitHub has now added Python to the security alerting program, another big milestone in GitHub's effort to secure open source projects. Starting this week, Python projects can view their dependency graph and have their dependencies checked for known security vulnerabilities; if one is found, a security alert is issued.

GitHub says the next step is to add more Python vulnerabilities from the NVD and other public vulnerability sources, and to issue alerts for newly disclosed vulnerabilities in Python libraries.

Enabling the Python security alert feature

Because the dependency security check is based on the project's dependency manifest, you must make sure your Python repository contains a requirements.txt or Pipfile.lock file and that it is correctly configured.
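To show what the dependency graph has to do with such a manifest, and why a loosely pinned line cannot be matched against an advisory, here is a small added example (not GitHub's code): it parses a constructed requirements.txt, normalises package names the way pip does, and compares exact pins against a constructed advisory list. All package names, versions and advisory ids are placeholders, not real projects or CVEs.

```python
import re

# Constructed sample manifest: package names, versions and advisory ids are placeholders, not real projects or CVEs.
SAMPLE_REQUIREMENTS = """\
# web stack
webframe==0.12.2
httpclient==2.18.4
yamlparse>=3.12              # loose pin: the version cannot be resolved from the file
Admin_Panel==1.11.5 ; python_version >= "3.4"
-e git+https://example.invalid/repo.git#egg=internal-tool
"""
# normalised package name -> list of (first fixed version, advisory id placeholder)
SAMPLE_ADVISORIES = {
    "webframe": [("0.12.3", "ADVISORY-PLACEHOLDER-1")],
    "yamlparse": [("4.1", "ADVISORY-PLACEHOLDER-2")],
    "admin-panel": [("1.11.7", "ADVISORY-PLACEHOLDER-3")],
}

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*(\S+)?$")

def version_key(v):
    """Turn '1.11.5' into (1, 11, 5) so versions compare numerically; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def parse_requirements(text):
    """Return (name, operator, version) for each plain requirement line; comments, blank lines,
    editable/VCS lines and environment markers are dropped, names are normalised like pip does."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].split(";", 1)[0].strip()
        if not line or line.startswith(("#", "-")):
            continue
        m = _REQ_RE.match(line)
        if m:
            name, op, ver = m.groups()
            reqs.append((name.lower().replace("_", "-"), op, ver))
    return reqs

def check_requirements(text, advisories):
    """Return (vulnerable, unresolved): exact pins below the first fixed version are vulnerable;
    affected packages whose version the manifest does not pin cannot be decided from the file."""
    vulnerable, unresolved = [], []
    for name, op, ver in parse_requirements(text):
        for fixed, advisory in advisories.get(name, []):
            if op == "==" and ver and version_key(ver) < version_key(fixed):
                vulnerable.append((name, ver, advisory))
            elif op != "==":
                unresolved.append((name, f"{op or ''}{ver or ''}", advisory))
    return vulnerable, unresolved
```

Calling check_requirements(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES) reports webframe and admin-panel as vulnerable and yamlparse as unresolved, because a `>=` specifier leaves the installed version unknown to a manifest-based check.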

To view the dependency graph, go to "Insights" > "Dependency graph" in the GitHub interface.


For public repositories, GitHub automatically enables the dependency graph and security alerts and notifies you when a vulnerable dependency is found.


Security alert settings for private repositories

For private repositories, you need to opt in to security alerts yourself in the repository settings and enable the dependency graph, which is then available from the repository's Insights tab.

When vulnerability alerts are enabled, administrators receive security vulnerability alerts by default. Administrators can also add teams or individuals as recipients of security alerts by going to the repository's settings page and navigating to the Alerts tab.

To configure the kind or frequency of notifications you receive, open the Notification settings page of your profile (see the steps below) and check the options you want.

Security alert setup steps

1. Click your profile picture in the top right corner and select "Settings" from the drop-down menu.

2. Select "Notifications" from the menu on the left side of the page.

3. In the Vulnerability alerts section of the Notifications settings page, select the options you want.


Allowing GitHub access for the dependency graph

1. Click the "Settings" tab in the menu bar at the top of the repository.

2. On the Data services tab of the settings page, select the option that allows GitHub to read and analyze the repository.

That is the basic functionality. It is a boon for the many Python developers out there: GitHub helps you keep an eye on security issues and deal with them in time. Hopefully GitHub will go on to support more languages, such as Java and Golang.

Reprint | original link: http://t.cn/RgteOo0
