GitHub is making one of its most important tools more useful with a significant update.
A company blog postexplains that GitHub has been working behind the scenes to improve Dependabot, an automated alert service that flags potential vulnerabilities in code.
While this might sound excellent in theory – and likely saved a lot of heartache further down the coding line – in practice the bot can be quite noisy, something GitHub developers have been complaining about for a while.
A change in tact
The latest update from GitHub changes Dependabot's strategy, surfacing whether code is calling vulnerable code paths, which should help increase the ratio of signal to noise.
Since being acquired by Github in 2019, nearly three million developers have used Dependabot, which is testament to how useful automated tools can be for the often laborious task of coding apps and services.
As GitHub outlines, the service currently curates data on vulnerable packages in a centralised Advisory Database. In the future, GitHub will include data on affected functions for each source library, powered by Stack Graphs.
And that's not all. GitHub also plans to roll out additional changes over the coming months to improve Dependabot's alerts, including flagging development dependencies and transitive dependency paths.
Microsoft to the rescue
Microsoft acquired GitHub in 2018 for $7.5 billion, consolidating its position as one of the leading services providers for anyone using a computer. There were a lot of initial fears that Microsoft would ruin the service, which is beloved by developers.
But these fears have mostly been allayed, besides a few hiccups along the way, including introducing an algorithmic feed.
The service remains hugely popular for everyone at all stages of the coding process.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba