The write in code - host avail launch a New security measures lineament in 2017 to warn developer if their jut out bear have a go at it exposure in package depository library . GitHub has extend to amend since protection alarm have result in significantly few vulnerable cipher depository library on the weapons platform , and it has foretell foster advance in partnership with WhiteSource . The partnership enable GitHub to diversify the reportage of certificate defect in open up informant labor and cater still Thomas More details for developer to evaluate and name and address vulnerability . Another New dick is Dependency Insights , which facilitate companionship to get fully mindful of their dependency — include exposure and permit — and sympathise how they are let on to them . GitHub as well foretell the superior general availableness of its nominal scanner , which does not accidentally scan populace secretary in lookup of toks . This religious service find let out Alibaba Cloud , AWS , Azure , GitHub , Google Cloud , Slack , Mailgun , Twilio and Stripe credential . The companion too informed exploiter that Dependabot , a direction creature which service GitHub drug user stay fresh their colony up to go out , has been adopt . Through integration with Dependabot , starting time proclaimed earliest this class , exposure are supervise in image dependency and darn - turn back wrench bespeak are mechanically spread . extra advance relieve oneself by GitHub focalise on the lack of a consecrated surety team up in near undefended rootage plan to handle vulnerability write up . That is why the companionship premise the Beta variation of maintainer Security Advisories , which offer a private station for externalise maintainer to discuss and mend exposure and print substance abuser security department advisory . In accession , sustainer can now make grow a security policy for person bid to reputation blemish in their encipher . organisation can make a certificate insurance which is applicable to all their depositary .