GitHub serves up enterprise tools: security alerts, advisories, and new permissions

Credit: ID 125527212 © Ibrandify |

Microsoft’s hit code-sharing site GitHub has announced a host of new security tools for open source developers who build for enterprise, including new enterprise security alerts, automated patching, and a private zone to discuss and fix security vulnerabilities. 

GitHub’s security alerts for vulnerable dependencies in a coding project have come to the enterprise, the company announced today at its 2019 Satellite conference in Berlin, Germany. These alerts have been available to users of GitHub online since 2017, but until today it was not available to enterprise customers running their own internal GitHub Enterprise server. 

“Now you can connect your GitHub server to the cloud and it will use the use the dependency information from your server to send you security alerts,” said Shanku Niyogi, SVP of GitHub Product. 

An update to GitHub Enterprise Server release today allows customers to receive security alerts if they use GitHub Connect, the company’s cloud service.  

The company also announced a security alerts partnership with security firm White Source, which tracks open source vulnerabilities. GitHub will use its collection of known vulnerabilities to determine what dependencies to issue alerts for.