‘Introducing security alerts on GitHub’

Snyk has been around for a while but this fantastic new addition to GitHub brings dependency vulnerability monitoring to the masses.

Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don’t have them. We’ll continue to get better at identifying vulnerabilities as our security data grows.

They “only” support JavaScript and Ruby at the moment — in addition to those two, Snyk also supports Java, Scala, Python, Go and Gradle — but Python support is said to be coming in 2018 and I’m sure they won’t stop there.
