
GitHub Introduces Dependency Graph and Security Alerts


At its Universe conference, GitHub announced a number of features aimed at keeping your code better protected. These include a dependency graph and, built on top of it, security alerts. Additionally, GitHub now provides a recommender, which promises to help you discover projects you may be interested in, and a new Explore experience, offering a curated selection of collections, topics, and other resources.

GitHub's dependency graph lists all dependencies of your repository and can be accessed by going to the Insights section of your repo and then choosing Dependency graph. For private repositories, developers are also asked to grant GitHub access to their repo metadata, in compliance with GitHub’s data protection policy. Currently, the dependency graph supports Ruby and JavaScript, while Python support is coming.

Based on the information provided by the dependency graph, GitHub will soon be able to deliver security alerts to developers when any dependency of one of their repositories contains a known public vulnerability. When a fix for that vulnerability is known, GitHub will also provide a suggestion, such as upgrading to a newer version of that dependency. Security alerts, which according to GitHub are just the first in a future set of tools to help make code safer, are not available yet.

The other two major features that GitHub announced aim to make it easier for developers to discover what the GitHub community can offer. The first is a recommender system, dubbed Discover repositories, which suggests repositories that might be interesting to you based on your behavior, such as starring a repo or following other developers, and on what is popular on GitHub. Besides that, GitHub has revamped its Explore experience to provide developers with a curated selection of collections and topics. Collections are hand-picked resources that aim to help developers learn or dig deeper into areas of their interest. Examples of collections are getting started with machine learning, government apps, how to choose your first open source project, etc. Topics, on the other hand, have a wider scope, e.g. projects related to Android, CSS, Rails, etc.

On a related note, GitHub also unveiled its Explore Octoverse infographics, which try to summarize how developers around the world have used GitHub to share their code, what languages or frameworks are most popular, and so on.

For more details, you can watch the conference keynote.
