GitHub says the introduction of security alerts last year has led to a significantly smaller number of vulnerable code libraries on the platform.
The code hosting service announced in mid-November 2017 the introduction of a new security feature designed to warn developers if the software libraries used by their projects contain any known vulnerabilities.
The new feature looks for vulnerable Ruby gems and JavaScript NPM packages based on MITRE’s Common Vulnerabilities and Exposures (CVE) list. When a new flaw is added to this list, all repositories that use the affected version are identified and …read more
Via:: Security Week