GitHub expands Ruby and JavaScript security alerts to Python

After launching a JavaScript and Ruby security alert program a year ago, the now Microsoft-owned GitHub code hosting site is expanding the alerts to projects using the popular Python language, 

The project’s aim was to help developers identify vulnerabilities in dependencies written and shared in JavaScript and Ruby. GitHub’s dependency graph helped spot bugs in certain dependencies and pointed developers to known fixes. 

Public repositories get the security alerts automatically, while private repositories need to opt in to the security feature.

Unnoticed vulnerabilities in open source libraries written in Ruby, JavaScript, Python and other languages are a widespread problem, according to open-source vulnerability tracker Snyk, which scanned 1,000 projects on GitHub and found 64 percent were vulnerable to at least one flaw. One of the main problems was that shared code spread the same vulnerabilities to multiple projects.

The expansion of the service to Python could have a big impact. One of the most popular projects written in Python is Google’s open source deep learning framework TensorFlow.