GitHub is getting better at tracking down your dangerous code

GitHub is making one of its most important tools more useful with a major update.

A blog post from the company explains that GitHub has been working behind the scenes to improve Dependabot, an automated alerting service that flags potential vulnerabilities in code.

While this sounds great in theory, and has no doubt saved plenty of headaches further down the line, in practice the bot can be quite noisy: it flags every dependency with a known advisory, whether or not the project ever touches the affected code. Developers have been complaining about this for some time.

A change of touch

The latest GitHub update changes how Dependabot alerts are generated. Alerts now indicate whether the repository's own code actually calls the vulnerable functions in a dependency, rather than only noting that a vulnerable version is present, which should substantially improve the signal-to-noise ratio.

Since its acquisition by GitHub in 2019, almost three million developers have used Dependabot, a testament to the usefulness of automated tooling for the laborious task of keeping the dependencies of apps and services up to date.

As GitHub points out, the service currently maintains data about vulnerable packages in a centralized advisory database. Going forward, GitHub will add data on the affected functions for each source library, powered by Stack Graphs, its code-navigation technology, so that an alert can say which functions in the vulnerable package matter and whether the repository calls them.

And that's not all. GitHub also plans to roll out additional changes in the coming months to improve Dependabot alerts, including reporting build dependencies and transitive dependency paths.
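To make the two ideas above concrete (function-level reachability and transitive dependency paths), here is an added example that is not GitHub's or Dependabot's code. It uses a constructed advisory (the package `examplelib` and its vulnerable functions are hypothetical), a constructed lockfile-style dependency graph, and a constructed application source. It first finds the dependency path from the application to the vulnerable package, then resolves Python import aliases and reports whether any vulnerable function is actually called.

```python
import ast
from collections import deque

# Constructed advisory: hypothetical package and function names, not a real GHSA entry.
ADVISORY = {
    "package": "examplelib",
    "vulnerable_functions": {"examplelib.parse_untrusted", "examplelib.sub.render"},
}

# Constructed dependency graph in the shape a lockfile would give (hypothetical names).
# examplelib is only a transitive dependency, pulled in through webfw.
DEP_GRAPH = {
    "myapp": ["webfw", "requests-ish"],
    "webfw": ["templating", "examplelib"],
    "templating": [],
    "requests-ish": [],
    "examplelib": [],
}

# Constructed application source: reaches both vulnerable functions through aliases.
APP_SOURCE = '''
import examplelib as ex
from examplelib.sub import render as draw
import json

def handle(data):
    cfg = json.loads(data)
    return ex.parse_untrusted(cfg["payload"])

def unused():
    return draw("x")
'''


def dependency_path(graph, root, target):
    """Breadth-first search over the dependency graph.

    Returns the list root -> ... -> target (the transitive path an alert should
    show), or None when the target package is not a dependency at all.
    """
    parents = {root: None}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for dep in graph.get(node, []):
            if dep not in parents:
                parents[dep] = node
                queue.append(dep)
    return None


def called_vulnerable_functions(source, vulnerable):
    """Return the fully qualified vulnerable functions that `source` calls.

    Import aliases (`import a as b`, `from a.b import c as d`) are resolved so a
    call like `ex.parse_untrusted(...)` maps back to `examplelib.parse_untrusted`.
    This is a per-file, syntactic check: it does not follow calls through other
    functions or modules, so treat a miss as "not called here", not "unreachable".
    """
    tree = ast.parse(source)
    aliases = {}  # local binding -> dotted name it refers to

    # Pass 1: collect import bindings.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:
                    aliases[a.asname] = a.name
                else:  # `import x.y.z` binds the top-level name `x`
                    top = a.name.split(".")[0]
                    aliases[top] = top
        elif isinstance(node, ast.ImportFrom):
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def qualify(expr):
        # Flatten an attribute chain such as ex.sub.func into a dotted name.
        parts = []
        while isinstance(expr, ast.Attribute):
            parts.append(expr.attr)
            expr = expr.value
        if not isinstance(expr, ast.Name):
            return None  # call on a computed object; cannot resolve statically
        base = aliases.get(expr.id, expr.id)
        return ".".join([base] + parts[::-1])

    # Pass 2: check every call site against the advisory's function list.
    hits = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = qualify(node.func)
            if name in vulnerable:
                hits.add(name)
    return hits


def triage(app_source, advisory, graph, root="myapp"):
    """Combine both signals into the kind of verdict a lower-noise alert needs."""
    path = dependency_path(graph, root, advisory["package"])
    if path is None:
        return {"status": "not affected", "path": None, "calls": set()}
    calls = called_vulnerable_functions(app_source, advisory["vulnerable_functions"])
    status = ("vulnerable function called" if calls
              else "dependency present, vulnerable function not called")
    return {"status": status, "path": path, "calls": calls}


if __name__ == "__main__":
    print(triage(APP_SOURCE, ADVISORY, DEP_GRAPH))
```

Run stand-alone it reports the path `myapp -> webfw -> examplelib` and both vulnerable functions. Replacing the application source with one that imports `examplelib` but never calls the listed functions yields the "dependency present, vulnerable function not called" verdict, which is exactly the case the update is meant to de-prioritise.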

Microsoft to the rescue

Microsoft acquired GitHub in 2018 for $7.5 billion, cementing its position as a leading provider of developer services. There were a lot of initial fears that Microsoft would ruin a service that developers love.

But those fears have mostly been allayed, aside from a few hiccups along the way, including the introduction of an algorithmic feed.

The service remains extremely popular with developers at every stage of the software lifecycle.