What’s new at GitHub: dependency management, security alerts

Posted on 12-10-2017 , by: admin , in , 0 Comments

GitHub is adding several services to its popular code-sharing site to help developers manage dependencies and improve security.

GitHub dependency graph service

With the dependency graph service, GitHub will use its own data to build a dependency graph that gives developers insight into both projects their code depends on and the projects that depend on their code.

The essential features in the GitHub dependency graph service

Via the dependency graph, developers can see which applications and packages they are connected to without leaving their repository. The graph currently supports JavaScript and Ruby code, with Python support planned for later.

The dependency graph relies on package managers to draw out dependencies when there are dependency manifest files. But over time, GitHub will provide the dependency graph service for projects that do not have dependency manifests. Still, GitHub recommends projects use a manifest file format to find these dependencies.