GitHub Security Alerts has detected over 4 million vulnerabilities
The GitHub Security Alerts feature introduced last year has significantly reduced the time developers need to eliminate vulnerabilities in Ruby and JavaScript projects.
The GitHub security alert service scans a project's dependencies for known vulnerabilities and then notifies the developer, so that the vulnerability can be fixed as quickly as possible by removing the vulnerable dependency or upgrading it to a secure version.
According to GitHub, the security alerts have so far reported more than 4 million vulnerabilities in more than 500,000 repositories. Nearly half of all alerts shown were received within a week, and about 30% of the vulnerabilities were resolved within the first 7 days. The picture is in fact better than that: when the statistics are limited to recently active repositories, that is, repositories with a contribution in the past 90 days, 98% of them were patched within 7 days.
The security alert service scans all public repositories; for private repositories, only the dependency graph is scanned. Whenever a vulnerability is found, the repository administrators receive a notification that includes the severity of the vulnerability and the steps offered to resolve it.
The security alert service currently supports only Ruby and JavaScript, but GitHub has stated that it plans to support Python in 2018.
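To make the mechanism above concrete, here is a small added example (not GitHub's code) of how a dependency-vulnerability check works: resolved dependency versions are matched against an advisory list, and each hit is reported with its severity and the version that fixes it. The dependency map, the package names and the advisory entries are constructed placeholders, not real packages or real advisories; the advisory format (a single "vulnerable below" bound) is a simplification of the affected-range expressions a real advisory database uses.

```javascript
// Added example, not GitHub's code: match resolved dependency versions against a
// toy advisory list and report what needs upgrading, worst severity first.

// Constructed: resolved dependency versions, as a lockfile would record them.
// The package names are placeholders, not real packages.
const sampleDependencies = {
  "example-http-lib": "4.16.3",
  "example-template": "1.0.2",
  "example-argparse": "0.0.8",
};

// Constructed, hypothetical advisories. A real database carries an identifier and an
// affected-range expression per entry; here a single upper bound stands in for that.
const sampleAdvisories = [
  { package: "example-template", vulnerableBelow: "1.1.0", severity: "high", fixedIn: "1.1.0" },
  { package: "example-argparse", vulnerableBelow: "1.2.3", severity: "moderate", fixedIn: "1.2.3" },
  { package: "example-http-lib", vulnerableBelow: "4.0.0", severity: "low", fixedIn: "4.0.0" },
];

// Ordering used to show the most serious findings first.
const severityRank = { critical: 0, high: 1, moderate: 2, low: 3 };

// Parse "MAJOR.MINOR.PATCH". A leading ^ or ~ range marker is tolerated but ignored:
// the check assumes versions are already resolved (lockfile), not manifest ranges.
function parseVersion(v) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-by-component comparison (so 1.10.0 > 1.9.0); returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return one finding per (dependency, advisory) pair whose installed version is below
// the advisory's bound, sorted worst-first, each carrying the version to upgrade to.
function findVulnerable(dependencies, advisories) {
  const findings = [];
  for (const [name, version] of Object.entries(dependencies)) {
    for (const adv of advisories) {
      if (adv.package !== name) continue;
      if (compareVersions(version, adv.vulnerableBelow) < 0) {
        findings.push({
          package: name,
          installed: version,
          severity: adv.severity,
          upgradeTo: adv.fixedIn,
        });
      }
    }
  }
  findings.sort((x, y) => severityRank[x.severity] - severityRank[y.severity]);
  return findings;
}

// Stand-alone run: print the findings the way an alert would summarise them.
function main() {
  for (const f of findVulnerable(sampleDependencies, sampleAdvisories)) {
    console.log(`[${f.severity}] ${f.package}@${f.installed}: upgrade to ${f.upgradeTo}`);
  }
}
main();
```

Run with `node` and the two placeholder packages below their advisory bound are listed, the high-severity one first; the third dependency is already above its bound and is not reported. Matching on resolved lockfile versions rather than on manifest ranges is what keeps such a check accurate: a manifest range like `^1.0.0` says nothing about which version was actually installed.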
Source: Github