GitHub announced a series of updates to its service today that are supposed to help users improve the way they manage the development of software.
A new Dependency Graph will help customers better understand what code they rely on. It’s not unusual for a project to use external code to handle some piece of infrastructure that the developer didn’t want to replicate, and those dependencies sometimes stretch several layers deep.
What that means is that developers could be relying on pieces of code without knowing it. If there’s a bug or something amiss with a project further upstream, it could impact the downstream code and cause problems.
The Dependency Graph is supposed to help solve that and help better secure the resulting software as well. In the future, GitHub will be able to inform customers of security issues with upstream projects so they can work to mitigate the issue for their own software.
That’s important to help understand and address issues like the Heartbleed bug that left major tech companies open to attack due to their use of the OpenSSL project. The bug revealed that a piece of critical open source infrastructure, used by Fortune 500 companies including Facebook and other tech titans, was maintained by a tiny team with little support.
GitHub’s Dependency Graph could help identify projects in similar situations, and help make sure that people using them understand when doing so could put their companies and users at risk.
On top of the security features announced, GitHub is also launching a pair of features aimed at helping people tap into the community available through its service. An updated News Feed that’s being unveiled today will show people activity from around GitHub that they might be interested in based on which people and projects they follow on the platform.
A revised Explore feature will also give users an easier way to find other projects that might be interesting or relevant to their work.