GitHub update will help you squash the hidden security bugs in your code
Date:
Sat, 13 Aug 2022 15:17:16 +0000
Description:
New GitHub feature will update developers about potential vulnerabilities within their actions.
FULL STORY ======================================================================
GitHub will now send a Dependabot alert for vulnerable GitHub Actions, which could make it easier to stay up to date and fix security vulnerabilities in your Actions workflows.
GitHub Actions is the platform's continuous integration and delivery (CI/CD) solution, which allows users to automate their software development pipeline.
The new alerts will be powered by the GitHub Advisory Database, a security vulnerability database that includes Common Vulnerabilities and Exposures (CVEs) and GitHub-originated security advisories drawn from the world of open source software.
How can I enable the feature?
To receive alerts on GitHub Actions and vulnerabilities impacting your code, you can enable Dependabot by selecting Enable all under the Code security and analysis tab.
If you already happen to be using Dependabot, no problem, there is no additional action required.
You can also contribute some of your wisdom to help other users become more secure.
If you are the owner of a GitHub Action and you discover a vulnerability, you can start the process of creating an advisory from the Security tab in your repository.
Once the repository advisory is created and tagged within the GitHub Action ecosystem, the GitHub curation team will review the repository advisory and create a global advisory when appropriate.
You can find out more about managing vulnerable dependencies on GitHub by heading here.
GitHub isn't the only company looking to remedy vulnerabilities in open source code, a common route for cybercriminals trying to hijack endpoints.
It's a topic that is gaining the attention of the wider technology industry, which is understandable, as open source vulnerabilities have been the cause of some of the most devastating cyber attacks of the past few years, including the Log4j attack.
Google recently said it "will continue to make open source security a priority and urge others to do the same because the health and availability of open source projects strengthen the security posture of users and developers everywhere."
======================================================================
Link to news story:
https://www.techradar.com/news/github-update-will-help-you-squash-the-hidden-security-bugs-in-your-code/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)