GitHub has added a new security feature to its version control platform for code developers that will notify users when a vulnerability is detected in one of their object dependencies.
In such cases, the new service will suggest known bug fixes from the GitHub community, GitHub announced in a Nov. 16 blog post.
Users will receive alerts whenever they enable their dependency graph to track instances when one object relies on another to function properly. Public projects will automatically provide this service, but for projects hosted in private repositories, users need to officially opt in or allow access in the dependency graph section of their repository’s Insights tab.
“When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion,” GitHub explains in its blog post.