Dependabot alerts show vulnerable function calls (Python Beta)

Dependabot alerts now show if your repository code is calling known vulnerable functions from the dependency's vulnerability. If your code is calling vulnerable code paths, this information is surfaced via a "vulnerable call" label and code snippet in the Dependabot alerts UI. You can also filter for these alerts with has:vulnerable-calls from the Dependabot alert's search field.

Vulnerable functions are curated as part of GitHub's publishing process for the Advisory Database. New incoming Python advisories will be supported, and we're working on backfilling known vulnerable functions for historical Python advisories. After beta testing with Python we will add support for other ecosystems. Keep an eye on the public roadmap for more information.

This feature is enabled for supported Dependabot alerts on public repositories, as well as on repositories with GitHub Advanced Security enabled.

For more information on what we're shipping, read our post in the GitHub blog.

GitHub's code navigation features "jump to definition" and "find all references" are now available for all Elixir projects on GitHub.

When you view an Elixir file on github.com, you can click on the name of a function, module, or macro to see its definition and its references within that repository. We use the tree-sitter library to find definitions and call sites in your code.

Special thanks to @the-mikedavis and the tree-sitter-elixir team for contributing the queries that power this system.

Learn more about code navigation for Elixir and other languages in the GitHub documentation: Navigating code on GitHub.

Also, check out the tree-sitter library to learn how support for different languages is implemented.

See more