The code-sharing site will tell users what projects depend on other projects as well as offer security alerts
GitHub is adding several services to its popular code-sharing site to help developers manage dependencies and improve security.
With the dependency graph service, GitHub will use its own data to build a dependency graph that gives developers insight into both projects their code depends on and the projects that depend on their code.
Via the dependency graph, developers can see which applications and packages they are connected to without leaving their repository. The graph currently supports JavaScript and Ruby code, with Python support planned for later.
The dependency graph relies on package managers to draw out dependencies when there are dependency manifest files. But over time, GitHub will provide the dependency graph service for projects that do not have dependency manifests. Still, GitHub recommends projects use a manifest file format to find these dependencies.
The graph also will be annotated with additional information for security and license and operational risks.
The dependency graph is available now on Github.com for public and private repos. The dependency graph will come to GitHub Enterprise, a paid service for enterprises, in early 2018. (GitHub Enterprise can be run at GitHub’s site as a cloud service or locally installed on-premises, as desired.)
The GitHub security alerts service is the first of a set of planned security features for GitHub.
Security alerts will associate the graph tracking dependencies with public security vulnerabilities, and providing alerts based on those connections, as well as alerts to some GitHub fixes.
The security alerts services will come “soon” to Github.com for public and private repos. It will come to GitHub Enterprise in early 2018.
Other changes to GitHub include:
Tags GitHub
More about 24/7
