GitHub Introduces Dependency Graph and Security Alerts

by Sergio De Simone, Oct 11, 2017

At its Universe conference, GitHub announced a number of features aimed at making your code more secure. These include a dependency graph and, built on top of it, security alerts. Additionally, GitHub now provides a recommender, which promises to help you discover projects you may be interested in, and a new Explore experience, offering a curated selection of collections, topics, and other resources.

GitHub's dependency graph lists all dependencies of your repository and can be accessed by going to the Insights section of your repo and then choosing Dependency graph. For private repositories, developers are also asked to grant GitHub access to their repo metadata, in compliance with GitHub's data protection policy. Currently, the dependency graph supports Ruby and JavaScript, while Python support is coming.

Based on the information provided by the dependency graph, GitHub will soon be able to deliver security alerts to developers when any dependency of one of their repositories contains a known public vulnerability. When a fix for that vulnerability is known, GitHub will also provide a suggestion, such as upgrading to a newer version of that dependency. Security alerts, which according to GitHub are just the first in a future set of tools to help make code safer, are not available yet.
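To make the pipeline described above concrete, here is an added example (not GitHub's code) of how a dependency graph flattened from a lockfile can be cross-referenced with an advisory list to produce alerts that carry an upgrade suggestion. The package names, versions and advisory ranges are constructed for illustration; the `introduced`/`fixed` range shape is an assumption about how an advisory might be represented.

```javascript
// Parse "a.b.c" into numbers; non-numeric parts are treated as 0.
function parseVersion(v) {
  return v.split('.').map((p) => parseInt(p, 10) || 0);
}

// Numeric, component-wise version comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A version is affected by an advisory if it lies in [introduced, fixed).
function isAffected(version, advisory) {
  return compareVersions(version, advisory.introduced) >= 0 &&
    compareVersions(version, advisory.fixed) < 0;
}

// Dependency graph: a flat {name, version} list from a (constructed) lockfile.
function dependenciesFromLockfile(lock) {
  return Object.entries(lock.dependencies)
    .map(([name, info]) => ({ name, version: info.version }));
}

// Cross-reference the graph with the advisory list; each alert carries the
// suggested fix (upgrade to the first patched version).
function findAlerts(deps, advisories) {
  const alerts = [];
  for (const dep of deps) {
    for (const adv of advisories) {
      if (adv.package === dep.name && isAffected(dep.version, adv)) {
        alerts.push({ package: dep.name, version: dep.version,
          advisory: adv.id, suggestion: `upgrade to ${adv.fixed}` });
      }
    }
  }
  return alerts;
}

// Constructed sample data: one dependency is inside an affected range,
// one has already been upgraded past the fix, one has no advisory.
const SAMPLE_LOCK = { dependencies: {
  'example-http': { version: '1.4.2' },
  'example-yaml': { version: '3.0.1' },
  'example-log': { version: '0.9.0' } } };
const SAMPLE_ADVISORIES = [
  { id: 'ADV-EXAMPLE-1', package: 'example-http', introduced: '1.0.0', fixed: '1.4.3' },
  { id: 'ADV-EXAMPLE-2', package: 'example-yaml', introduced: '2.0.0', fixed: '3.0.0' },
];
```

Running `findAlerts(dependenciesFromLockfile(SAMPLE_LOCK), SAMPLE_ADVISORIES)` yields a single alert for example-http 1.4.2 suggesting an upgrade to 1.4.3; example-yaml is already past its fixed version.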

The other two major features that GitHub announced aim to make it easier for developers to discover what the GitHub community can offer. The first is a recommender system, dubbed Discover repositories, which suggests repositories that might interest you based on your behavior, such as starring a repo or following other developers, and on what is popular on GitHub. Besides that, GitHub has revamped its Explore experience to provide developers with a curated selection of collections and topics. Collections are hand-picked resources that aim to help developers learn or dig deeper into areas of their interest. Examples of collections are getting started with machine learning, government apps, how to choose your first open source project, etc. Topics, on the other hand, have a wider scope, e.g. projects related to Android, CSS, Rails, etc.

On a related note, GitHub also unveiled its Explore Octoverse infographics, which try to summarize how developers around the world have used GitHub to share their code, which languages or frameworks are most popular, and so on.

For more details, you can watch the conference keynote.
