Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: The Register
GitHub can now automagically offer security patches for projects’ third-party dependencies.
The Microsoft-owned source-code management site announced on Wednesday the new beta-grade feature: when enabled, developers will receive automatically generated pull requests that, when accepted, will apply security fixes to a project’s dependencies.
For example, Lindsey is a programmer who maintains a project that makes use of three other packages from outside developers, and opts into this new feature. When one of those packages needs a patch for a security vulnerability, Lindsey gets an automatically generated pull request that, when accepted, will merge the fixed package into the project.
These automatic updates will, for now anyway, be limited to dependencies written in Ruby, Python, Java, .NET, and JavaScript. The feature will also require the project to have a dependency graph enabled, and will be gradually rolled out to coders over the next few months.
Prior to merging in a patched dependency, a developer will be given a compatibility score to gauge whether the update will break their code. The security fix may change API functionality, or similar, which will cause subsequent builds to fail.
Ideally, programmers should apply the security patch to their code in a separate branch, or locally, then test it, and accept the fix if it all works, and push out an updated build for users to download and install. If the compatibility score is high, and the fix is an emergency, you may want to accept the pull right away.
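The review workflow described above, as an added shell example that is not part of the article and is not code from GitHub or Dependabot: fetch the automatically generated pull request into its own branch, inspect which manifest or lockfile entries the fix moves, run the project's test suite, and only then decide whether to accept it. It assumes the remote is called `origin`, that GitHub exposes each pull request's head commit under `pull/<N>/head` (GitHub's own ref convention), that the default branch is `main` unless another base is passed, and that the caller supplies the test command; the branch naming is the example's own choice.

```shell
#!/bin/sh
# Added example: review an automatically generated dependency-fix pull request
# locally before merging it. Assumptions: remote "origin", GitHub's pull/<N>/head
# ref convention, base branch "main" by default, test command supplied by caller.

# Ref under which GitHub publishes the head commit of pull request N.
pr_ref() {
    printf 'pull/%s/head' "$1"
}

# Local branch that holds the fetched PR, kept apart from the base branch.
review_branch() {
    printf 'review/dependency-pr-%s' "$1"
}

# Show which dependency manifests and lockfiles the PR touches, so the
# reviewer sees exactly which package versions move before running anything.
show_dependency_changes() {
    base="$1"; branch="$2"
    git diff --stat "$base...$branch" -- \
        Gemfile.lock requirements.txt pom.xml '*.csproj' package-lock.json yarn.lock
}

# Fetch PR $1 into its own branch, run the test command $2 against base $3
# (default main) and report. Returns 0 when the tests pass, 1 otherwise.
# It never merges: accepting the PR stays a human decision.
review_dependency_pr() {
    pr="$1"; test_cmd="$2"; base="${3:-main}"
    branch="$(review_branch "$pr")"
    git fetch origin "$(pr_ref "$pr"):$branch" || return 1
    show_dependency_changes "$base" "$branch"
    git checkout "$branch" || return 1
    if sh -c "$test_cmd"; then
        echo "PR #$pr: tests pass on $branch; safe to accept and push a new build"
        return 0
    fi
    echo "PR #$pr: tests FAIL on $branch; the compatibility score was optimistic"
    return 1
}

# Entry point: review_pr.sh <pr-number> [test-command] [base-branch]
if [ -n "${1:-}" ]; then
    review_dependency_pr "$1" "${2:-npm test}" "${3:-main}"
fi
```

Run it from the project checkout as `sh review_pr.sh 42 "bundle exec rspec"`; a non-zero exit is the signal to hold the pull request rather than accept it, however high the compatibility score was.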
“Automated security requests contain everything you need to quickly and safely review and merge a proposed fix into your project, including information about the vulnerability like release notes, changelog entries, and commit details,” GitHub said in announcing the new feature.
The automatic updates will make use of Dependabot, the automated update tool GitHub acquired just seven days ago. Earlier this week, GitHub boss Nat Friedman bigged up the tool as “Roomba for your code”, referring to the automated home vacuum bot.
The Dependabot acquisition was part of a larger effort by GitHub to add new management and administrator options for both its free and premium service customers along with a new funding push for open-source projects.
The post Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.