GitHub Applies Machine Learning to Alert Your Project Dependencies



Well aware of the need to manage the ever-increasing complexity of project dependencies, as well as keep code safer within the interconnected open source ecosystem, GitHub’s data and analytics team has stepped up with two new features targeted at increasing security and creating transparency in the murky waters of project dependencies.

Public repos will automatically have security alerts enabled via their dependency graphs, but private repos need to opt in. By default, admins will be the first responders for security alerts, but anyone with repo access, from individuals to entire teams, can be added as alert recipients under repo settings.

When an alert is triggered for a potential vulnerability, the notification will highlight any dependencies affected. The most advanced feature of the new security alert system uses machine learning to include recommendations for replacement with known safe versions from the GitHub community if any exist.
