GitHub dependency scan found four million security flaws

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#1 Post by Flash »

GitHub: Our dependency scan has found four million security flaws in public repos
By Liam Tung | March 22, 2018
GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners.

The massive bug-find total was reached within a month of the initiative's launch in November, when GitHub began scanning for known vulnerabilities in certain popular open-source libraries and notifying project owners that they should be using an updated version.

The scan automatically probes public repositories on GitHub for known-vulnerable libraries in RubyGems for Ruby and npm for JavaScript, so it doesn't yet cover all possible vulnerable libraries.

However, GitHub plans to expand its scan to Python dependencies later this year. Private repositories meanwhile need to opt in to the security alerts....
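The article describes the mechanism only in outline: walk a project's dependency manifest, look each package and version up against a list of known-vulnerable version ranges, and alert on matches, including transitive dependencies pulled in by something else. The following is an added example of that check written against an npm package-lock.json, not GitHub's own scanner and not code from the quoted article. The lockfile, the package names and the advisory IDs are constructed for the example; real advisories come from a vulnerability database, and a real implementation would use a full semver library rather than the minimal "MAJOR.MINOR.PATCH" comparison here.

```javascript
"use strict";

// Minimal semver handling for "MAJOR.MINOR.PATCH" strings. Pre-release and
// build suffixes are stripped and ignored, which is enough for this example
// but is NOT correct semver ordering (1.4.2-beta sorts before 1.4.2).
function parseVersion(v) {
  const core = String(v).replace(/^v/, "").split(/[-+]/)[0];
  const parts = core.split(".").map(Number);
  if (parts.length !== 3 || parts.some((n) => !Number.isInteger(n) || n < 0)) {
    throw new Error(`unsupported version string: ${v}`);
  }
  return parts;
}

// Numeric, component-wise comparison: "1.10.0" > "1.9.9", unlike a string sort.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// An advisory marks the half-open range [introduced, fixed) as vulnerable,
// so the version that ships the fix is itself clean.
function isVulnerable(version, advisory) {
  return (
    compareVersions(version, advisory.introduced) >= 0 &&
    compareVersions(version, advisory.fixed) < 0
  );
}

// Walk a lockfileVersion-1 package-lock.json, where each entry may carry a
// nested "dependencies" object of transitive packages, and return every
// (name, version) pair together with the path that pulled it in.
function collectDependencies(deps, path = [], out = []) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const here = [...path, `${name}@${entry.version}`];
    out.push({ name, version: entry.version, path: here.join(" > ") });
    collectDependencies(entry.dependencies, here, out);
  }
  return out;
}

// Match every resolved dependency against the advisory list.
function auditLockfile(lockfile, advisories) {
  const findings = [];
  for (const dep of collectDependencies(lockfile.dependencies)) {
    for (const adv of advisories) {
      if (adv.package === dep.name && isVulnerable(dep.version, adv)) {
        findings.push({
          package: dep.name,
          version: dep.version,
          path: dep.path,
          advisory: adv.id,
          fixedIn: adv.fixed,
        });
      }
    }
  }
  return findings;
}

// Constructed sample data: fictional package names and advisory IDs.
// demo-parser appears twice: an old copy nested under demo-http and a
// current top-level copy, which is the transitive case a scanner must catch.
const sampleLockfile = {
  name: "demo-app",
  lockfileVersion: 1,
  dependencies: {
    "demo-http": {
      version: "2.3.0",
      dependencies: {
        "demo-parser": { version: "1.4.1" },
      },
    },
    "demo-parser": { version: "1.5.0" },
    "demo-utils": { version: "0.9.2" },
  },
};

const sampleAdvisories = [
  { id: "EXAMPLE-0001", package: "demo-parser", introduced: "1.0.0", fixed: "1.4.2" },
  { id: "EXAMPLE-0002", package: "demo-utils", introduced: "0.0.0", fixed: "0.9.2" },
];

for (const f of auditLockfile(sampleLockfile, sampleAdvisories)) {
  console.log(`${f.advisory}: ${f.path} is vulnerable; upgrade to >= ${f.fixedIn}`);
}
```

Run with `node audit.js`. Only the nested demo-parser@1.4.1 is reported: the top-level demo-parser@1.5.0 is past the fix, and demo-utils@0.9.2 sits exactly on the fixed version, so the half-open range excludes it. The path in the finding tells the project owner which direct dependency needs to be bumped to pull in the patched transitive version.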
