GitHub, the popular code-sharing site is adding several enhancements to help developers manage code dependencies and improve on overall security, with a dependency graph that give developers insight into projects that depend on their code.
The dependency graph also works vice versa, and capable of showing the users what projects depend on other projects as well as offer security alerts.
The alerts will associate the graph tracking dependencies with public security vulnerabilities, and provide alerts based on those connections, as well as GitHub fixes.
Thereby allowing developers to see which applications and packages they are connected to without leaving their repository.
As the graph relies on package managers to draw out dependencies when there are dependency manifest files, GitHub recommends projects to use a manifest file format to find these dependencies.
GitHub, however is working to extend the dependency graph service for projects that do not have manifest files.
The graph service is now available on Github.com for public and private repos; and coming to GitHub Enterprise, a paid service for enterprises, in early 2018.
How GitHub dependency graph give insight into developers' code-related projects
GitHub, the popular code-sharing site is adding several enhancements to help developers manage code dependencies and improve on overall security, with a dependency graph that give developers insight into projects that depend on their code.
The dependency graph also works vice versa, and capable of showing the users what projects depend on other projects as well as offer security alerts.
The alerts will associate the graph tracking dependencies with public security vulnerabilities, and provide alerts based on those connections, as well as GitHub fixes.
Thereby allowing developers to see which applications and packages they are connected to without leaving their repository.
As the graph relies on package managers to draw out dependencies when there are dependency manifest files, GitHub recommends projects to use a manifest file format to find these dependencies.
GitHub, however is working to extend the dependency graph service for projects that do not have manifest files.
The graph service is now available on Github.com for public and private repos; and coming to GitHub Enterprise, a paid service for enterprises, in early 2018.