GitHub is getting better at hunting down your dangerous code

(Image: GitHub webpage. Image credit: Gil C / Shutterstock)

GitHub is making one of its most important tools more useful with a significant update. 

A company blog post explains that GitHub has been working behind the scenes to improve Dependabot, an automated alert service that flags potential vulnerabilities in a project's code. 

While this might sound excellent in theory – and likely saved a lot of heartache further down the coding line – in practice the bot can be quite noisy, something GitHub developers have been complaining about for a while.

A change in tack 

The latest update from GitHub changes Dependabot's strategy, surfacing whether a project's code actually calls the vulnerable code paths, which should improve the signal-to-noise ratio of its alerts. 

Since being acquired by GitHub in 2019, nearly three million developers have used Dependabot, which is testament to how useful automated tools can be for the often laborious task of coding apps and services.  

As GitHub outlines, the service currently curates data on vulnerable packages in a centralised Advisory Database. In the future, GitHub will include data on affected functions for each source library, powered by Stack Graphs. 

And that's not all. GitHub also plans to roll out additional changes over the coming months to improve Dependabot's alerts, including flagging development dependencies and transitive dependency paths. 
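To make the two ideas above concrete (call-path reachability from the "change in tack" section, and the development-dependency and transitive-path flags promised here), the following is an added, simplified model written for this article; it is not Dependabot's code and does not use GitHub's Advisory Database. The advisory records, dependency graph, package names and project source are all constructed, and reachability is approximated by resolving imports and call sites in the project's Python source with the standard `ast` module, not by the Stack Graphs analysis GitHub describes.

```python
import ast
from collections import deque

# Constructed sample advisories (not real GHSA entries). Each names the vulnerable
# package and the affected functions inside it, the data the article says GitHub
# plans to add to its Advisory Database.
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-1", "package": "imgkit", "affected": {"imgkit.render_svg"}},
    {"id": "EXAMPLE-ADVISORY-2", "package": "yamlx", "affected": {"yamlx.unsafe_load"}},
    {"id": "EXAMPLE-ADVISORY-3", "package": "fixturegen", "affected": {"fixturegen.make"}},
]

# Constructed dependency graph: package -> packages it depends on. The project's own
# node is "myapp"; fixturegen is a development-only dependency.
DEP_GRAPH = {
    "myapp": ["webfw", "fixturegen"],
    "webfw": ["imgkit", "yamlx"],
    "imgkit": [],
    "yamlx": [],
    "fixturegen": [],
}
DEV_DEPS = {"fixturegen"}

# Constructed project source. It calls yamlx.unsafe_load (an affected function) but
# only imgkit.render_png (not affected), and never touches fixturegen at all.
PROJECT_SOURCE = '''
import yamlx
from imgkit import render_png as render

def load(cfg):
    return yamlx.unsafe_load(cfg)   # affected function: this alert is reachable

def thumb(path):
    return render(path)             # imgkit.render_png is not an affected function
'''


def dependency_path(graph, root, target):
    """Breadth-first search for the shortest path root -> ... -> target, or None."""
    queue = deque([[root]])
    seen = {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def called_functions(source):
    """Return the fully qualified names of imported functions the source calls.

    Handles `import m [as a]` and `from m import f [as a]`; calls through deeper
    attribute chains (e.g. `a.b.c()`) are deliberately ignored in this sketch.
    """
    tree = ast.parse(source)
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    calls = set()
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in aliases:
            calls.add(aliases[f.id])
        elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
              and f.value.id in aliases):
            calls.add(f"{aliases[f.value.id]}.{f.attr}")
    return calls


def triage(advisories, graph, dev_deps, source, root="myapp"):
    """Build alerts for every advisory whose package is in the tree, annotated with
    the dependency path, whether it is transitive, whether it arrives only through
    a dev dependency, and whether the project calls an affected function."""
    calls = called_functions(source)
    alerts = []
    for adv in advisories:
        path = dependency_path(graph, root, adv["package"])
        if path is None:
            continue  # package not in the dependency tree: nothing to report
        reached = sorted(calls & adv["affected"])
        alerts.append({
            "id": adv["id"],
            "package": adv["package"],
            "path": " -> ".join(path),
            "transitive": len(path) > 2,
            "dev_only": path[1] in dev_deps,
            "reachable": bool(reached),
            "called": reached,
        })
    # Reachable production alerts first; unreachable and dev-only ones sink to the bottom.
    alerts.sort(key=lambda a: (not a["reachable"], a["dev_only"]))
    return alerts


if __name__ == "__main__":
    for alert in triage(ADVISORIES, DEP_GRAPH, DEV_DEPS, PROJECT_SOURCE):
        print(alert)
```

Run as-is, the yamlx advisory sorts to the top because the project really calls `yamlx.unsafe_load` through a transitive path, while the imgkit alert (affected function never called) and the fixturegen alert (dev-only, never called) are kept but demoted. That ordering is the "signal over noise" effect the article describes; a real implementation would also need version ranges, dynamic dispatch and calls made inside the dependencies themselves.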

Microsoft to the rescue 

Microsoft acquired GitHub in 2018 for $7.5 billion, consolidating its position as one of the leading services providers for anyone using a computer. There were a lot of initial fears that Microsoft would ruin the service, which is beloved by developers. 

But these fears have mostly been allayed, aside from a few hiccups along the way, including the introduction of an algorithmic feed.

The service remains hugely popular for everyone at all stages of the coding process. 

Max Slater-Robins has been writing about technology for nearly a decade at various outlets, covering the rise of the technology giants, trends in enterprise and SaaS companies, and much more besides. Originally from Suffolk, he currently lives in London and likes a good night out and walks in the countryside.