SaaS News Hubb
Prevent the introduction of known vulnerabilities into your code

by admin
April 6, 2022
in Software Engineering
Understanding your supply chain is critical to maintaining the security of your software. Dependabot already alerts you when vulnerabilities are found in your existing dependencies, but what if you add a new dependency with a vulnerability? With the dependency review action, you can proactively block pull requests that introduce dependencies with known vulnerabilities.

How it works

The GitHub Action automates finding and blocking vulnerabilities that are currently only displayed in the rich diff of a pull request. When you add the dependency review action to your repository, it will scan your pull requests for dependency changes. Then, it will check the GitHub Advisory Database to see if any of the new dependencies have existing vulnerabilities. If they do, the action will raise an error so that you can see which dependency has a vulnerability and implement the fix with the contextual intelligence provided. The action is supported by a new API endpoint that diffs the dependencies between any two revisions.
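As an added illustration (not GitHub's code and not part of the original post), the following Python model shows the check the paragraph describes: diff the pinned dependencies between a base and a head revision of a lockfile, then match only the added or re-pinned packages against an advisory list, exiting non-zero when any match so a CI step fails. The package names, version ranges and advisory ids are constructed placeholders, and the lockfile format is a simplified pip `name==version` pin list; the real action reads the repository's manifests and queries the GitHub Advisory Database rather than an inline list.

```python
"""Model of a dependency-review check (constructed example, not GitHub's action):
diff two lockfile revisions and flag newly introduced or re-pinned packages
whose new version falls inside a known-vulnerable version range."""
import re

# Constructed advisory entries, loosely shaped like GitHub Advisory Database
# records. Package names and ids are placeholders, not real advisories.
ADVISORIES = [
    {"package": "examplelib", "vulnerable": ">=1.0,<1.4.2", "severity": "high", "id": "GHSA-PLACEHOLDER-1"},
    {"package": "newpkg", "vulnerable": "<1.0", "severity": "critical", "id": "GHSA-PLACEHOLDER-2"},
    {"package": "oldpkg", "vulnerable": "<1.0", "severity": "moderate", "id": "GHSA-PLACEHOLDER-3"},
]

_PIN = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)")
_OPS = {">=": lambda c: c >= 0, ">": lambda c: c > 0, "<=": lambda c: c <= 0,
        "<": lambda c: c < 0, "==": lambda c: c == 0}


def parse_version(text: str) -> tuple:
    """Turn '1.4.2' into (1, 4, 2); a component with no leading digits counts as 0."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def compare(a: str, b: str) -> int:
    """-1, 0 or 1 like a three-way compare; shorter versions are zero-padded so 1.4 == 1.4.0."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    va += (0,) * (n - len(va))
    vb += (0,) * (n - len(vb))
    return (va > vb) - (va < vb)


def in_vulnerable_range(version: str, spec: str) -> bool:
    """True when version satisfies every comma-separated clause, e.g. '>=1.0,<1.4.2'."""
    for clause in spec.split(","):
        m = re.match(r"(>=|<=|==|>|<)\s*(.+)", clause.strip())
        if not m:
            raise ValueError(f"unsupported range clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](compare(version, bound)):
            return False
    return True


def parse_lockfile(text: str) -> dict:
    """Read pinned 'name==version' lines; comments and blank lines are ignored."""
    pins = {}
    for line in text.splitlines():
        m = _PIN.match(line.split("#", 1)[0])
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins


def diff_dependencies(base: dict, head: dict) -> list:
    """Packages added or re-pinned in head relative to base, as (name, old, new)."""
    return [(name, base.get(name), new) for name, new in sorted(head.items())
            if base.get(name) != new]


def review(base_text: str, head_text: str, advisories=ADVISORIES) -> list:
    """Findings for changed dependencies whose new version lies in an advisory range.
    Unchanged dependencies are deliberately skipped: alerting on those is the
    job of Dependabot alerts, while this check gates what a pull request adds."""
    findings = []
    changes = diff_dependencies(parse_lockfile(base_text), parse_lockfile(head_text))
    for name, old, new in changes:
        for adv in advisories:
            if adv["package"].lower() == name and in_vulnerable_range(new, adv["vulnerable"]):
                findings.append({"package": name, "from": old, "to": new,
                                 "advisory": adv["id"], "severity": adv["severity"]})
    return findings


# Constructed base and head revisions of a requirements-style lockfile.
BASE = """
requests==2.25.1
examplelib==1.4.2
oldpkg==0.5.0
"""
HEAD = """
requests==2.25.1
examplelib==1.3.0   # re-pinned down into the vulnerable range
oldpkg==0.5.0       # unchanged, so not reported here
newpkg==0.9.0       # newly added and vulnerable
"""


def main() -> int:
    """Print findings in a CI-friendly form and fail the step when any exist."""
    findings = review(BASE, HEAD)
    for f in findings:
        print(f"{f['severity'].upper()}: {f['package']} {f['from']} -> {f['to']} ({f['advisory']})")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run as a script, the block reports the downgraded `examplelib` pin and the newly added `newpkg` and exits 1, which is the behaviour a pull-request gate needs; `oldpkg` is vulnerable in both revisions but is not a change, so it is left to Dependabot alerts.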

Demo of dependency review enforcement

The action can be found on GitHub Marketplace and in your repository’s Actions tab under the Security heading. It is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.

We’re continuously improving the experience

While we’re currently in public beta, we’ll be adding functionality that gives you more control over what causes the action to fail, such as setting criteria on vulnerability severity, license type, or other factors. We’re also improving how failed action runs are surfaced in the UI and increasing flexibility around when it’s executed.

If you have feedback or questions

We’re very keen to hear any and all feedback! Pop into the feedback discussion, and let us know how the new action is working for you, and how you’d like to see it grow.

For more information, visit the action and the documentation.