Jul 22, 2021·1 min read

GitHub Expands Its Supply Chain Security Features to the Go Programming Language

GitHub enhances supply chain security for the Go programming language by offering features to help discover, report, and address security vulnerabilities in Go modules more effectively.


GitHub is extending its supply chain security capabilities to the Go programming language, delivering enhanced security features to the popular Google-designed language.

Go ranks as the fourth most widely used language on GitHub, and the Go community relies heavily on the platform. In response, GitHub is now offering additional support, enabling developers to discover, report, and address security vulnerabilities more effectively.

Steve Francia, Product Lead of Go Language at Google, commented:

Go was created, in part, to address the problem of managing dependencies in large-scale software. GitHub is the most popular host for open-source Go modules. The features announced today will help not just GitHub users but anyone who depends on GitHub-hosted modules. We are thrilled that GitHub is investing in improvements that benefit the entire Go ecosystem, and we look forward to more collaborations with them in the future.

GitHub has already published over 150 security advisories for Go, and the number continues to rise. Go module maintainers can leverage these advisories for coordinated disclosure of vulnerabilities.

Developers can also be notified of vulnerable dependencies through GitHub's dependency graph. By navigating to a repository's Insights tab and selecting Dependency graph from the left sidebar, developers can view detected dependencies. Dependency graph is enabled by default for public repositories but must be manually activated for private ones.

Dependabot alerts will inform developers of vulnerabilities discovered in Go modules they are using. If a vulnerable dependency is identified, Dependabot security updates can automatically generate a pull request to upgrade a Go module to a non-vulnerable version.
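A minimal Dependabot configuration for a Go module repository, added here as an example and not taken from the article or GitHub's announcement: it asks Dependabot to open weekly pull requests for Go module updates found in the root go.mod. Dependabot security updates for known-vulnerable modules are switched on in the repository's settings rather than by this file, which governs only routine version updates.

```yaml
# .github/dependabot.yml (constructed example, not from the article)
version: 2
updates:
  # Watch the go.mod in the repository root for Go module updates.
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap the number of open Dependabot PRs so updates stay reviewable.
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
      - "go"
```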

According to GitHub, repositories that utilize automatic pull request generation to update vulnerable dependencies have patched their software 40% faster. The company's move to extend its supply chain security offerings to the Go programming language is a positive step that is poised to enhance protection for software developed using this language.

In addition to tools like GitHub, no-code platforms like AppMaster further streamline the development process, enabling users to more rapidly create backend, web, and mobile applications. These platforms generate real applications, drastically reducing the time and costs associated with traditional development. For instance, AppMaster can create applications with amazing scalability for enterprise and high-load use cases, making it a versatile choice in the development ecosystem. Those interested can visit AppMaster's website to create a free account and explore the platform.
