GitHub has recently launched security alerts, a feature that scans a project's dependencies and warns the maintainer when a known vulnerability is detected in one of them. This builds on the dependency graph GitHub introduced earlier to make projects easier to keep track of. Most GitHub projects have dependencies, so with the dependency graph enabled a maintainer is notified as soon as a vulnerability is detected in one of the project's dependencies, and suggested fixes are drawn from the GitHub community with the help of machine learning.
Security matters whether a project is private or public. Public repositories come with the dependency graph enabled by default; for a private repository, one has to opt in to security alerts from the repository settings, or by granting access in the Dependency graph section. Alerts can be delivered by email or viewed in the repository on the web. Once notified, it is up to the user to apply the appropriate patches and fixes.
Whenever a vulnerability alert is raised, GitHub highlights the dependencies that need to be updated. All of this is achieved with the help of machine learning.
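To make the mechanism concrete, here is an added example (written for this page, not GitHub's own code or an accurate model of its internals) of what a dependency-alert check does at its simplest: read a project's pinned dependency manifest, compare each pinned version against an advisory's affected range, and report the dependencies that need an update together with the first patched version. The manifest format (pip-style `requirements.txt`), the `examplelib`, `otherpkg` and `safepkg` packages, and the advisories are all constructed for illustration; none corresponds to a real package or CVE. A real alerting service only knows about dependencies that appear in a manifest it can parse, so anything vendored or installed out of band is invisible to it, which is the main caveat to keep in mind when relying on such alerts.

```python
"""Illustrative dependency-alert matcher (added example, not GitHub's code).

Reads a pip-style requirements file with pinned versions and compares each
pin against a small, constructed advisory list. A dependency is flagged when
its pinned version falls inside an advisory's affected range; the advisory
also names the first patched version, if one exists, so the alert can say
what to upgrade to.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2.19.1' into (2, 19, 1); drops a trailing pre-release or build tag."""
    core = text.strip().split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))


def parse_requirements(text: str) -> Dict[str, Version]:
    """Parse 'name==x.y.z' lines; comments, blanks and unpinned lines are skipped."""
    pins: Dict[str, Version] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, ver = line.split("==", 1)
        pins[name.strip().lower()] = parse_version(ver)
    return pins


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: Version           # first affected version (inclusive)
    fixed: Optional[Version]      # first patched version (exclusive); None if unpatched
    summary: str

    def affects(self, v: Version) -> bool:
        """True when introduced <= v < fixed (or v >= introduced and no fix exists)."""
        if v < self.introduced:
            return False
        return self.fixed is None or v < self.fixed


# Constructed advisories for illustration only; not real CVEs or GitHub data.
ADVISORIES: List[Advisory] = [
    Advisory("examplelib", (1, 0, 0), (1, 4, 2), "constructed: deserialisation flaw"),
    Advisory("examplelib", (2, 0, 0), (2, 0, 5), "constructed: path traversal"),
    Advisory("otherpkg", (0, 9, 0), None, "constructed: no fix released yet"),
]


def find_alerts(pins: Dict[str, Version],
                advisories: List[Advisory] = ADVISORIES) -> List[Tuple[str, str, Advisory]]:
    """Return (package, pinned version string, advisory) for every affected pin."""
    alerts: List[Tuple[str, str, Advisory]] = []
    for adv in advisories:
        v = pins.get(adv.package)
        if v is not None and adv.affects(v):
            alerts.append((adv.package, ".".join(map(str, v)), adv))
    return alerts


# Constructed sample manifest; one pin inside a patched range, one inside an
# unpatched range, one with no advisory at all.
SAMPLE_REQUIREMENTS = """
# constructed sample manifest
examplelib==1.3.0      # inside the first advisory's range
otherpkg==1.2.0        # inside an advisory with no fix yet
safepkg==3.1.4         # no advisory
"""

if __name__ == "__main__":
    for pkg, ver, adv in find_alerts(parse_requirements(SAMPLE_REQUIREMENTS)):
        fix = ("upgrade to >= " + ".".join(map(str, adv.fixed))
               if adv.fixed else "no patched version yet")
        print(f"{pkg}=={ver}: {adv.summary}; {fix}")
```

Running the module prints one line per affected dependency. Note that the second `examplelib` advisory does not fire for the pinned 1.3.0, because range matching is per advisory: a package can carry several advisories covering disjoint version ranges, and only the ones whose range contains the pinned version should produce an alert.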