At Universe conference, GitHub launches new Security Lab
Open-source hosting and repository service GitHub Inc., acquired by Microsoft Corp. for $7.5 billion in October 2018, today announced a series of new security products at its annual GitHub Universe event in San Francisco.
Leading the announcements is GitHub Security Lab, a new service that brings together security researchers, maintainers, and companies across the industry who share a belief that “the security of open source is important for everyone.”
It’s launching with partners that include Google LLC, HackerOne Inc., Mozilla Foundation, Oracle Corp., VMware Inc., Uber Technology Inc., LinkedIn, Microsoft and NCC Group plc. GitHub will contribute tools, resources, bounties and thousands of hours of security research for the benefit of its users.
As part of GitHub Security Lab, GitHub is also making CodeQL freely available. Designed to find vulnerabilities in open-source code, CodeQL is a code analysis platform used by security researchers to automate variant analysis. Already used by many security research teams, CodeQL has been used by GitHub itself to find more than 100 reported common vulnerabilities and exposures in some of the most popular open-source projects.
Complementing the service are GitHub Security Advisories, which allow maintainers to work with researchers on security fixes in a private space, apply for a CVE directly from GitHub and specify structured details about the vulnerability. In addition, once a security advisory is published, GitHub will now send security alerts to affected projects.
Also announced today at GitHub Universe is the GitHub Advisory Database, a public database of advisories created on GitHub along with additional data curated and mapped to packages tracked by the GitHub dependency graph.
“GitHub’s approach to security addresses the whole open source security lifecycle,” Jamie Cool, vice president of product management for security at GitHub, said in a statement. “GitHub Security Lab will help identify and report vulnerabilities in open source software, while maintainers and developers use GitHub to create fixes, coordinate disclosure, and update dependent projects to a fixed version.”
On Tuesday, GitHub announced the general availability of GitHub Actions and Packages, launched GitHub for mobile, demonstrated a redesigned notifications experience and announced the launch of a number of other features.