GitHub has extended its supply chain security features to the Go module ecosystem.
The new support covers security updates for Go modules. On July 22, GitHub product manager William Bartholomew published a statement explaining how Go projects on the platform become more resilient with this update.
Also known as Golang, Go is now among the top fifteen programming languages on the platform.
In addition, GitHub, the most popular host for Go modules, is working to help the community discover, detect and remediate security vulnerabilities and threats.
Go modules were launched in 2019 with one basic task: dependency management.
According to the Go developer survey conducted in 2020, almost 76 percent of respondents were using Go in the workplace in some form. The same survey shows how the adoption of Go modules has only increased since their release.
The popularity of modules keeps growing: 96 percent of respondents said they use modules for package management.
That is an increase of 7 percent since 2019. Moreover, 87 percent of respondents indicated that they use modules exclusively for this purpose.
The survey results also show a corresponding decline in other package management solutions. On GitHub, Go modules can now take advantage of four major aspects of supply chain security.
At the time of publication, there were almost 150 Go advisories in GitHub's Advisory Database. Developers also have access to CVE IDs for newly identified security flaws.
Bartholomew added that he has seen that number rise every day as potential threats and vulnerabilities are identified and removed.
GitHub's dependency graph tracks and evaluates a project's dependencies using its go.mod file, and warns users when a vulnerable dependency is discovered.
The update also adds Dependabot alerts, which notify users whenever new flaws are found in a Go module they depend on.
Several further features come with this update. Users can enable automatic pull requests, and the notification settings have been enhanced for fine-tuning. All of these features are aimed at fixing vulnerable Go modules so that users can work with less effort. As Bartholomew put it, these pull requests are created automatically to apply security updates, and they patch vulnerable dependencies up to 40% faster.
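The two mechanisms described above, reading direct requirements out of a go.mod file (what the dependency graph needs as input) and switching on Dependabot update pull requests for Go modules, can be reproduced locally. The script below is an added example written for this article; it is not GitHub's own code, and the module names, versions and directory paths in it are constructed placeholders. The `dependabot.yml` it writes uses the documented `gomod` package ecosystem for scheduled version updates; enabling security-update pull requests is a repository setting, which this script does not touch.

```shell
#!/bin/sh
# Added example (not from the article or from GitHub): extract direct
# requirements from a go.mod, then write a Dependabot config for Go modules.
# All names, versions and paths below are constructed for the demo.
set -eu

# Write a constructed sample go.mod to the given path. Module paths and
# versions are placeholders; the "// indirect" line must NOT be reported.
write_sample_gomod() {
    cat > "$1" <<'EOF'
module example.com/demo

go 1.16

require (
	github.com/example/lib v1.2.3
	golang.org/x/text v0.3.0 // indirect
	github.com/example/tool v0.9.1
)

require github.com/example/single v2.0.0+incompatible
EOF
}

# Print "path version" for each direct requirement in a go.mod file.
# Handles both the parenthesised block form and the single-line
# "require path version" form, and skips "// indirect" entries and comments.
direct_requirements() {
    awk '
        function emit(path, ver, raw) {
            if (path == "" || path ~ /^\/\//) return   # blank or comment line
            if (raw ~ /\/\/ *indirect/) return         # transitive only
            print path, ver
        }
        /^require *\(/        { inblock = 1; next }
        inblock && /^\)/      { inblock = 0; next }
        inblock               { emit($1, $2, $0); next }
        /^require /           { emit($2, $3, $0) }
    ' "$1"
}

# Write .github/dependabot.yml under the given repository root so Dependabot
# opens update pull requests for the Go modules listed in go.mod.
write_dependabot_config() {
    mkdir -p "$1/.github"
    cat > "$1/.github/dependabot.yml" <<'EOF'
version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
EOF
}

# Run with --demo to see the parsed requirements and the generated config.
if [ "${1:-}" = "--demo" ]; then
    repo=$(mktemp -d)
    write_sample_gomod "$repo/go.mod"
    direct_requirements "$repo/go.mod"
    write_dependabot_config "$repo"
    cat "$repo/.github/dependabot.yml"
fi
```

Running `sh script.sh --demo` lists the three direct modules (the `golang.org/x/text` line is dropped because it is marked indirect) and prints the generated Dependabot configuration. In a real repository, the dependency graph does the go.mod parsing on GitHub's side; the local parser here only shows which entries the graph will treat as direct dependencies.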