From the course: GitHub Advanced Security (GHAS)
GitHub Advisory Database - GitHub Tutorial
GitHub Advisory Database
- GitHub checks multiple sources for the vulnerabilities it tracks for Dependabot. Based on the community information in the National Vulnerability Database from NIST, each vulnerability is annotated with additional information if needed. This data is stored in the GitHub Advisory Database. GitHub is in a unique position to analyze the reported vulnerabilities and has the best view of what is happening in the repository and its community. Other parties only look at the vulnerability reports from the outside, while GitHub directly communicates with the maintainers of the projects. Therefore, GitHub has created its own GitHub Advisory Database that has been open sourced so that anyone can propose new vulnerabilities to be added. There's a team of full-time GitHubbers at work, triaging reports, validating them against the repository, and if needed annotating them. An annotation I have seen before, for example, is a case with the…