GitHub, the popular site for developers, has announced that it will add Dependency Graph support for Composer-based PHP projects.
The Dependency Graph feature is tied to the Security Alerts feature. With the new addition, GitHub users will automatically receive security notifications if any vulnerability is found in their PHP projects.
Security Alerts is one of the most important and useful services available on GitHub. The feature scans users' programs and projects and checks whether there is any vulnerability by comparing them against a list of known errors.
If GitHub finds a vulnerability, Security Alerts informs the developer. This can be done in several ways:
- With a banner on the GitHub interface
- With alerts on the GitHub domain
- By e-mail for each vulnerability discovered
- By e-mail on a daily or weekly basis for all bugs found
Support for PHP projects is something developers have been waiting for, since PHP is one of the most popular programming languages.
However, GitHub has stated that Dependency Graph and Security Alerts will not work for all PHP projects, only for Composer-based PHP projects. Composer is a package manager used to automatically import PHP libraries into a PHP project.
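As an added illustration (not GitHub's implementation and not code from the announcement), the sketch below shows the kind of comparison described above: it reads the package list Composer records in `composer.lock` and matches it against a list of known-vulnerable version ranges. The lock contents, package names and advisory ids are constructed, and version handling is simplified to plain numeric versions.

```python
import json

# Constructed composer.lock content (package names and versions are made up).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "acme/http-client", "version": "v2.3.1"},
        {"name": "acme/templating", "version": "1.8.0"},
    ],
    "packages-dev": [
        {"name": "acme/test-kit", "version": "0.9.4"},
    ],
})

# Constructed advisory list: package -> [(advisory id, first affected, first fixed)].
SAMPLE_ADVISORIES = {
    "acme/http-client": [("EXAMPLE-0001", "2.0.0", "2.3.5")],
    "acme/test-kit": [("EXAMPLE-0002", "0.1.0", "0.9.0")],
}


def parse_version(text):
    """Turn 'v2.3.1' into (2, 3, 1). Pre-release suffixes are ignored
    (a simplification); branch aliases such as 'dev-master' return None."""
    parts = text.lstrip("v").split("-")[0].split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def find_alerts(lock_text, advisories):
    """Return (package, installed version, advisory id, note) for each match."""
    lock = json.loads(lock_text)
    alerts = []
    # Composer lists runtime and development dependencies separately.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            installed = parse_version(pkg["version"])
            for adv_id, introduced, fixed in advisories.get(pkg["name"], []):
                if installed is None:
                    # Cannot compare a branch alias; flag it rather than stay silent.
                    alerts.append((pkg["name"], pkg["version"], adv_id, "unknown version, review manually"))
                elif parse_version(introduced) <= installed < parse_version(fixed):
                    alerts.append((pkg["name"], pkg["version"], adv_id, "fixed in " + fixed))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOCK, SAMPLE_ADVISORIES):
        print(alert)
```

A project without a `composer.lock` (or `composer.json`) gives such a check nothing to read, which is why support is limited to Composer-based projects.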
GitHub users interested in the new feature can find more information here.
GitHub has also announced that it has acquired a security analysis platform, Semmle.