GitHub Reveals 4M JavaScript and Ruby Vulnerabilities in Public Repositories

March 22, 2018
Kevin Lam

This is very cool; I didn’t know that GitHub did this. Every time a vulnerability is publicly disclosed in an open source library, GitHub scans the repositories it hosts for projects that depend on that library. In this article, http://www.zdnet.com/article/github-our-dependency-scan-has-found-four-million-security-bugs-in-public-repos, GitHub reported that it found about 4 million vulnerabilities in the code repositories it hosts.

Right now GitHub only looks for vulnerabilities in JavaScript and Ruby libraries, and plans to expand to Python, but this is a great, GREAT start. Kudos to the GitHub folks.
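To make the mechanism concrete, here is an added example (my own illustration, not GitHub's code or anything from the article) of the core of such a dependency check in Ruby: read the resolved gem versions out of a Gemfile.lock and test each one against advisory version ranges. The lockfile text and the advisory entries are constructed samples with placeholder IDs.

```ruby
require 'rubygems'  # Gem::Version / Gem::Requirement do the version-range comparisons

# Constructed sample Gemfile.lock (not taken from any real repository).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.8.1)
        mini_portile2 (~> 2.3.0)
      mini_portile2 (2.3.0)
      rack (2.0.3)
      rails-html-sanitizer (1.0.3)

  PLATFORMS
    ruby
LOCK

# Constructed advisory feed: gem name => vulnerable ranges in RubyGems
# requirement syntax. The IDs are placeholders, not real advisory identifiers.
ADVISORIES = {
  "nokogiri" => [{ id: "ADV-PLACEHOLDER-1", vulnerable: ["< 1.8.2"], patched: "1.8.2" }],
  "rack" => [{ id: "ADV-PLACEHOLDER-2", vulnerable: [">= 2.0.0", "< 2.0.4"], patched: "2.0.4" }],
  "rails-html-sanitizer" => [{ id: "ADV-PLACEHOLDER-3", vulnerable: ["< 1.0.3"], patched: "1.0.3" }],
}

# Parse the `specs:` block of a Gemfile.lock into { gem name => resolved version }.
# Only lines indented by exactly four spaces are resolved gems; the six-space lines
# beneath them are dependency constraints, and those gems also appear at four spaces.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    in_specs ||= line.strip == "specs:"
    next unless in_specs
    break if line.strip.empty?   # the blank line closes the GEM section
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    specs[m[1]] = m[2] if m
  end
  specs
end

# Return every advisory whose vulnerable range covers the locked version.
def find_vulnerable(specs, advisories)
  specs.flat_map do |name, version|
    (advisories[name] || []).select { |adv|
      Gem::Requirement.new(adv[:vulnerable]).satisfied_by?(Gem::Version.new(version))
    }.map { |adv| { gem: name, version: version, id: adv[:id], patched: adv[:patched] } }
  end
end
```

Running `find_vulnerable(parse_lockfile(LOCKFILE), ADVISORIES)` flags nokogiri 1.8.1 and rack 2.0.3, while rails-html-sanitizer 1.0.3 passes because it is already at the patched version.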

–Kevin