New Report | Securing the Stars: Vulnerable Dependency Scanning in GitHub's Top 1,000 Organizations
In collaboration with RedHunt Labs

For the Snyk and RedHunt Labs study, the top 1,000 GitHub organisations were scanned for insecure dependencies in their source repositories. The researchers extracted each repository's declared dependencies and compared the recorded versions against publicly known vulnerabilities to assess the security state of these repositories. Results for Java, JavaScript, Python, and Ruby repositories are presented separately in the report.

To focus on repositories with a plausible real-world impact, the researchers filtered repositories by star count and by specific keywords. In total, 11,900 repositories were examined, and 1,229,601 vulnerabilities were found across 15,584 vulnerable dependency files.
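The two steps described above, extracting declared dependencies from manifest files and matching their versions against an advisory table, can be reproduced in miniature. The following is an added example, not the report's own tooling or Snyk's scanner: the advisory table, the package names and the advisory ids (`EXAMPLE-ADV-*`) are all constructed placeholders, and the manifests are constructed samples. It also handles the two cases a real scan has to reason about, unpinned specifiers and `^`/`~` ranges, where the manifest alone only gives a floor and the lockfile decides what is actually installed.

```python
"""Minimal vulnerable-dependency scan over constructed manifests (added example)."""
import json
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id (hypothetical), not a real CVE/GHSA
    ecosystem: str     # "pypi" or "npm"
    package: str       # normalised package name
    introduced: str    # first affected version, inclusive
    fixed: str         # first fixed version, exclusive ("" = no fix published)
    severity: str
    vuln_type: str


# Constructed advisory table: fictional packages and placeholder ids only.
ADVISORIES = [
    Advisory("EXAMPLE-ADV-1", "pypi", "acme-yaml", "0", "5.4", "critical",
             "Deserialization of Untrusted Data"),
    Advisory("EXAMPLE-ADV-2", "npm", "acme-merge", "0", "4.17.21", "high",
             "Prototype Pollution"),
    Advisory("EXAMPLE-ADV-3", "npm", "acme-args", "1.0", "", "medium",
             "Prototype Pollution"),
]


def version_key(v):
    """'1.2.3' -> (1, 2, 3); non-numeric fragments (rc, build tags) are dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def cmp_versions(a, b):
    """Return -1, 0 or 1, padding shorter tuples so '5.4' == '5.4.0'."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    ka += (0,) * (n - len(ka))
    kb += (0,) * (n - len(kb))
    return (ka > kb) - (ka < kb)


def is_affected(version, adv):
    """introduced <= version < fixed (or any version >= introduced if unfixed)."""
    if cmp_versions(version, adv.introduced) < 0:
        return False
    return adv.fixed == "" or cmp_versions(version, adv.fixed) < 0


def parse_requirements(text):
    """Return (name, version, pinned) per requirements.txt line.
    Only '==' is a real pin; other specifiers give a floor that the scan reports
    with pinned=False so the reader knows to check the resolved environment."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment or pip option
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|~=|<=|>|<)?\s*([0-9][^\s;,]*)?", line)
        if not m:
            continue
        name, op, ver = m.groups()
        deps.append((name.lower().replace("_", "-"), ver or "", op == "=="))
    return deps


def parse_package_json(text):
    """Return (name, version, pinned) for package.json dependencies.
    '^'/'~' ranges are treated as a floor; tags, '*' and URLs yield no version."""
    data = json.loads(text)
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            exact = not spec.startswith(("^", "~"))
            ver = spec.lstrip("^~")
            deps.append((name.lower(), ver if re.match(r"^\d", ver) else "", exact))
    return deps


def scan(deps, ecosystem):
    """Match every dependency with a usable version against the advisory table."""
    findings = []
    for name, version, pinned in deps:
        if not version:                           # nothing concrete to compare
            continue
        for adv in ADVISORIES:
            if adv.ecosystem == ecosystem and adv.package == name and is_affected(version, adv):
                findings.append({"package": name, "version": version, "pinned": pinned,
                                 "advisory": adv.advisory_id, "severity": adv.severity,
                                 "type": adv.vuln_type})
    return findings


def summarize(findings):
    """Aggregate the way the report does: totals, High/Critical share, by type."""
    by_sev = Counter(f["severity"] for f in findings)
    by_type = Counter(f["type"] for f in findings)
    return {"total": len(findings),
            "high_or_critical": by_sev["high"] + by_sev["critical"],
            "by_severity": dict(by_sev), "by_type": dict(by_type)}


# Constructed sample manifests (not taken from any real repository).
REQUIREMENTS_TXT = "# constructed\nacme-yaml==5.3.1\nacme-http>=2.0\nacme-web==2.0.1\n"
PACKAGE_JSON = json.dumps({"dependencies": {"acme-merge": "^4.17.19",
                                            "acme-args": "1.2.0",
                                            "acme-cli": "latest"}})


def run_example():
    findings = scan(parse_requirements(REQUIREMENTS_TXT), "pypi")
    findings += scan(parse_package_json(PACKAGE_JSON), "npm")
    return findings, summarize(findings)


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

The `pinned` flag on each finding is the caveat worth keeping: a `^4.17.19` declaration is only the floor of what npm may install, so a manifest-only scan of that kind can both over- and under-report relative to the lockfile, which is why scanners prefer lockfiles when they are present.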

  • Deserialization of Untrusted Data was the most prevalent vulnerability type in Java repositories, with 130,831 occurrences, making up 40 per cent of the vulnerabilities identified there.
  • JavaScript repositories contained 549,566 vulnerabilities in total, with Prototype Pollution the most common type (62%).
  • Of the 72,082 vulnerabilities found in the Python repositories' 2,602 dependency files, 16,590 were rated High or Critical.
  • Last but not least, in Ruby repositories 50% of the vulnerabilities fall into the Critical or High categories.
  • The study also highlights the ten researchers who reported the most vulnerabilities.
