Go is now among the top 15 most popular languages on the open-source hosting site, and these features help the Go community discover, report, and ultimately prevent security vulnerabilities in their Go code while using GitHub.
GitHub is home to millions upon millions of open-source software projects and developers, and at that scale any action the company takes to make developers' lives easier, or to secure software against exploits, has vast ramifications.
Consequently, GitHub's announcement means developers can rest a little easier: Dependabot now automatically notifies developers when new vulnerabilities are identified in Go modules, and then patches them for you by raising a pull request to upgrade the affected modules in your project. With the dependency graph, you also learn whether your dependencies have a newly discovered vulnerability. With GitHub's Security Advisories feature, you can privately discuss and collaborate on vulnerabilities in your own app without making them public, and without having to leave GitHub.
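As an added example (not part of the announcement or of any GitHub or Go project code), this is a `.github/dependabot.yml` that opts a Go module repository into Dependabot version-update pull requests for the `gomod` ecosystem; the directory, schedule, label and ignore rule are assumed values chosen for illustration. Vulnerability alerts and security-update pull requests are switched on separately in the repository's security settings; this file controls the routine version updates.

```yaml
# .github/dependabot.yml (example configuration, assumed layout)
version: 2
updates:
  # Watch the go.mod at the repository root (assumed module location).
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    # Cap the number of open Dependabot PRs so noisy weeks stay reviewable.
    open-pull-requests-limit: 5
    # Label every Dependabot PR so review and CI rules can target it.
    labels:
      - "dependencies"
      - "go"
    commit-message:
      prefix: "deps"
    ignore:
      # Hold back major bumps of a hypothetical dependency so its breaking
      # changes are reviewed deliberately rather than auto-proposed.
      - dependency-name: "example.com/legacy/lib"
        update-types: ["version-update:semver-major"]
```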
Steve Francia, product lead, Go language, Google, said, “Go was created, in part, to address the problem of managing dependencies in large-scale software. GitHub is the most popular host for open-source Go modules. The features announced today will help not just GitHub users but anyone who depends on GitHub-hosted modules. We are thrilled that GitHub is investing in improvements that benefit the entire Go ecosystem, and we look forward to more collaborations with them in the future.”