Security Alerts for Java & Python

A couple months ago VersionEye started to track security vulnerabilities for PHP packages. A couple weeks ago the feature was rolled out for Ruby & Node.JS dependencies as well. And now it’s rolled out for Java & Python!

Now you will see the security tab in your Java & Python projects as well. Just like in the example here.

VersionEye-Java-Project-Security

If you click on the dependency link above you will come to the package detail page where more details to the security issues are visible.

VersionEye-Java-Project-Security_2

If your project dependencies are affected the dependency badge turns to “insecure”, showing everybody that some of the dependencies have security issues.

The security feature is available via the VersionEye API as well. You can filter by language and prod_key. Feel free to build your own integration on it 🙂

VersionEye-API-Security

VersionEye notifies you about security vulnerabilities independently from the version & license notifications. The security notification emails are going out on each Tuesday.

Currently VersionEye is crawling 6 different security sources for this feature. For Java & Python we are using the victims db, which claims to have 0 false positives. Please contribute to this db if you know about a Java or Python security vulnerability and help to make the world a safer place.

Do you know more good security databases which you would like to see integrated with VersionEye? If so contact me on Twitter please.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s