GitHub has introduced the Dependency Graph, a feature that lists all the libraries used by a project. The new feature supports JavaScript and Ruby, and the company also plans to add support for Python next year. The feature is designed to alert developers when one of their project's dependencies has known flaws. The dependency graph and the security alerts feature have been automatically enabled for public repositories, but they are opt-in for private repositories. The dependency graph and security alerts currently support JavaScript and Ruby, with Python support coming in 2018.
Source: https://securityaffairs.co/wordpress/65669/security/github-alerts-flawed-libraries.html

