Bleeping Computer

Github Will Warn Developers About Vulnerable Dependencies in Their Projects

GitHub — the Internet largest code hosting service — is rolling out a new security feature through which it hopes to reduce the number of vulnerable projects hosted and distributed through its ...
adtmag.com

GitHub Intros Dependency Graphs, Security Alerts Coming Soon

GitHub is boosting the security capabilities of its software development platform, introducing a new open source project dependency graphs and promising alerts when bad actors show up in those graphs.
Dark Reading

Google Tackles Open Source Security With New Dependency Service

In a bid to reduce software supply chain risks in the open source software ecosystem, Google launched a free API service providing dependency data and security-related information on over 5 million ...
InfoWorld

Understand Python’s new lock file format

The newly approved Python Enhancement Proposal 751 gives Python a standard lock file format for specifying the dependencies of projects. Here’s the what, why, and when. Python Enhancement Proposal ...
ZDNet

GitHub: Our dependency scan has found four million security flaws in public repos

GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total ...