Sonatype has introduced a tool for developers called DepShield, which checks the code on GitHub for vulnerabilities.
The free version of the service looks for vulnerabilities in the OSS Index database and gives recommendations on how to fix them. In the commercial version, automatic fixing of problems can be configured. DepShield also:
- works with the Apache Maven framework;
- lists known vulnerabilities in GitHub's Issue Tracker;
- determines the range of affected versions for each vulnerability.
DepShield is available in the "Security" section of the GitHub Marketplace.
GitHub has introduced two new features that will help improve security and simplify account recovery. To that end, the company also recommends setting a strong password and enabling two-factor authentication.