GitHub Announces Dependency Graph Support for PHP

Today GitHub announced new dependency graph support for PHP repositories with Composer dependencies. This means that PHP repositories will get security alerts, automatic security fixes, dependency insights, and more.

The benefit is that when a vulnerability is published for any of the Composer dependencies your project lists in its composer.json and composer.lock files, GitHub will send you an alert so you can address it. Plus, if you opt in to the automatic security fixes beta, you'll get pull requests for your vulnerable dependencies.

To go along with this new feature, GitHub has also just become a CVE Numbering Authority, which will make it easier for maintainers to report vulnerabilities directly from their repositories. GitHub will assign a CVE ID, post to the CVE List, and then to the National Vulnerability Database (NVD) on a developer's behalf. By making this process simple and native to the GitHub experience, they believe more vulnerabilities will be disclosed and affected teams will be alerted more quickly.


Filed in: News / GitHub

