Gemnasium's security coach on steroids!

Hi Matt Parker,


As announced last week, we are pleased to release today our new security-focused features.


Remember: since Gemnasium-2.0 we monitor popular packages, looking for security or critical updates. Once something is detected, all impacted versions are tagged accordingly, which shows up as a red color on the projects depending on them.


It's time to put some steroids on this! Let's review the new features:


Security Advisories

To bring you more information on these critical and security updates, Gemnasium now displays advisories right on the package’s page.


Advisories provide useful information about security issues or critical updates: description, affected versions, fixed versions, available solutions, etc.


Package Advisory


Advisories are displayed on each affected version of a package and also on the ones that fix it.


Alerts

But that’s not enough… Keep calm and let the Security Coach tell you what’s wrong with your projects!


Right from your project page you can now check the security and critical advisories affecting your dependencies.


Project Alert


Open alerts just hang here until your project becomes safe! They are closed automatically when the dependency is updated to a non-affected version.


If your app has been fixed with a patch, a workaround or is simply not affected by the advisory, you can tell Gemnasium it’s okay and just close the alert.


Notifications and reminder

Gemnasium’s Security Coach will warn you immediately when an advisory is created and will remind you every day until the alert is closed (by an update or using the close button). But if you feel bothered by the reminder and still haven’t fixed the issue, you can acknowledge the alert to stop the notifications. This can be done on the project page or directly from your alert email.


To avoid spamming you when you have a lot of affected projects, notifications are grouped by advisory. Here is a sample alert email:


Email Alert


The security reminder takes your notification settings into account. So you only receive security emails for projects and packages that have notifications enabled, and you won’t be notified at all if you have totally disabled notifications in your settings.


Please note that all old alerts have been automatically acknowledged to avoid spamming you. Feel free to reopen them if you want to be reminded.


The notifications and reminder features are included in all plans starting from Bonzaï (see pricing), and also available as trial during the 1st month of registration for Free plans. As an exceptional offer, the security reminder is also available to all existing Free users until March, 31st!


Side notes

Gemnasium is still growing its changelog base and advocates for a common format. Your opinion is welcome and you can contribute to the Vandamme open source project to help us define a convention.




As always, we hope you’ll appreciate these new features and your feedback is welcome!



Cheers,
Gemnasium Team.