GitHub provides a new tool to secure your code
According to GitHub, ninety-nine percent of new software projects depend on open source code. This extensive code reuse helps everyone build better software faster than ever before, but it also puts us all at risk of distributing security vulnerabilities from our dependencies. It’s more important than ever that every developer becomes a security developer—that they responsibly disclose vulnerabilities and patch vulnerable code quickly.
On the 23rd, GitHub announced several new security features designed to make it easier for developers to secure their code.
Dependency insights: a tool that gives an overview of your projects' dependencies and their security state, so you can assess your exposure.
Token scanning: scans your repository for AWS, GCP, Twilio and other tokens to avoid data breaches.
Automated security fixes: when your project uses an outdated, insecure dependency, an automated pull request is created with the commit that updates the version.
These are good tools to adopt internally to protect your company.