GitHub is adding several services to its popular code-sharing site to help developers manage dependencies and improve security.
GitHub dependency graph service
With the dependency graph service, GitHub will use its own data to build a dependency graph that gives developers insight into both projects their code depends on and the projects that depend on their code.
The essential features in the GitHub dependency graph service
The dependency graph relies on package managers to draw out dependencies when there are dependency manifest files. But over time, GitHub will provide the dependency graph service for projects that do not have dependency manifests. Still, GitHub recommends projects use a manifest file format to find these dependencies.
The graph also will be annotated with additional information for security and license and operational risks.
Where to get the GutHub dependence graph service
The dependency graph is available now on Github.com for public and private repos. The dependency graph will come to GitHub Enterprise, a paid service for enterprises, in early 2018. (GitHub Enterprise can be run at GitHub’s site as a cloud service or locally installed on-premises, as desired.)
GitHub security alerts service
The GitHub security alerts service is the first of a set of planned security features for GitHub.
The essential features in the GitHub security alerts service
Security alerts will associate the graph tracking dependencies with public security vulnerabilities, and providing alerts based on those connections, as well as alerts to some GitHub fixes.
Where to get the GutHub security alerts service
The security alerts services will come “soon” to Github.com for public and private repos. It will come to GitHub Enterprise in early 2018.
Other enhanced features in GitHub
Other changes to GitHub include:
- Improved discovery, with the Discover Repositories feed on its dashboard recommending open source projects based on what a user has been following and what has been popular on the site.
- Redesigned Explore experience , to connect developers with collection topics and resources from GitHub contributors worldwide. The Explore capability connects to curated collections, topics, and resources from contributors, with collections covering topics ranging from machine learning to games.
- Paid premium support for GitHub Enterprise users, with 24/7 phone support.