

  • March 22,
  • By Developer.com Staff







Since last November, has been scanning its code for as part of its dependency graph service. Today it announced that it has found more than known vulnerabilities, so far, and has alerted project owners about the problems.

GitHub currently scans only public repositories written in Java and Ruby, which is about a half million repositories. Owners of private repositories can opt in to be included in the service.

The says that about 30 percent of the vulnerabilities it finds are resolved within a week after notification. However, 55 percent of alerts went to repositories that haven’t been changed in 90 days.
