How GitHub maintains its advisory database #23167
-
Hi, I am a PhD student at NC State University. As part of our research, we are evaluating the existing tools that detect vulnerable dependencies. We have observed that the tools' results can differ based on the strength of their vulnerability databases. For our research, we are hoping to understand more about how services like GitHub maintain their vulnerability databases. We'd be grateful if we get some responses to the below questions.
Thanks,
Replies: 1 comment
-
See the sources listed in our documentation: Browsing security vulnerabilities in the GitHub Advisory Database - GitHub Docs
Yes, though most of our time is spent on curation and helping maintainers report their advisories.
Yes. See a description in this blog post: Behind the scenes: GitHub security alerts - The GitHub Blog