GitHub is launching a service for public repositories that will look at your software dependencies, then alert you if there is a security vulnerability in one of your dependent components. This is a huge deal, as before now it was very difficult to figure this out. The only options were rather expensive services or manual inspection. Neither is an option for most open source projects. It's a bit poetic that MITRE just moved the CVE data to GitHub. The data GitHub is using will be out of date, it will contain mistakes and it will be incomplete.
Source: https://www.csoonline.com/article/3237767/github-s-new-security-scanner.html

