WPTavern: GitHub Launches New Dependency Graph Feature with Security Alerts Coming Soon
Public repositories display the graph by default and private repository owners also have the option to enable it. Below is a screenshot of Gutenberg’s dependency graph:
GitHub plans to extend dependency graphs to show security alerts when a repository depends on a version of a package that is publicly known to be vulnerable. In some cases the alerts may also suggest a security fix. Security alerts for dependencies are the first in a collection of security tools that GitHub plans to release.
GitHub is also launching new efforts to connect its massive community. The company reported 24 million developers working across 67 million repositories in 2017. The new community features are aimed at helping developers make meaningful connections in the vast sea of repositories on the platform. Users will notice a new “Discover Repositories” feed in their dashboards that makes recommendations based on their starred repositories and the people they follow.
GitHub has also launched a new curated Explore section to help users browse open source projects, topics, events, and resources.