GitHub now warns you about flaws affecting your Python code

Code repository will also offer admins fixes from the developer community

Python has joined Ruby and JavaScript on GitHub's list of coding languages it scans for security vulnerabilities.

Developers using Python can now get security alerts for any new bugs the code repository platform spots, as well as some recent vulnerabilities Python has had.

They will also find Python on their project dependency graph, which tracks all the projects, packages and applications a developer's code depends on without leaving their repository.

Security alerts will notify users of any known vulnerabilities affecting the code their repository relies on, and the dependency graph also lets users know if there's a known security fix from within the wider GitHub community.

GitHub, bought by Microsoft for $7.5 billion last month, tracked more than four million vulnerabilities in 500,000 Ruby and JavaScript code repositories after it shipped support for those languages last year.

Developers typically patched known vulnerabilities affecting their projects within seven days of detection, GitHub said, suggesting a similar approach for Python-based projects would be useful to users.

"We've chosen to launch the new platform offering with a few recent vulnerabilities," GitHub quality engineer Robert Schultheis said in a blog post.

"Over the coming weeks, we will be adding more historical Python vulnerabilities to our database. Going forward, we will continue to monitor the NVD feed and other sources, and will send alerts on any newly disclosed vulnerabilities in Python packages."

To enable Python security alerts, developers must first check in a requirements.txt file or Pipfile.lock file inside their public Python code repositories. Doing so will automatically enable the dependency graph and security alerts.

Private repositories require users to opt into security alerts via their settings, or by allowing access in the dependency graph section of the repository's 'Insights' tab.

Admins will then receive security alerts by default, and can add teams or individuals to the notifications via their settings page 'Alerts' tab.

Picture: Shutterstock

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021