How GitHub’s security alerts work
When you enable the dependency graph, GitHub will notify you if there is a possible vulnerability in one of your dependencies. It will also suggest some possible fixes.
Rolling security alerts out to Python projects
The Python roll out was announced on the GitHub blog by Robert Schultheis on July 12. He writes:
We’ve chosen to launch the new platform offering with a few recent vulnerabilities. Over the coming weeks, we will be adding more historical Python vulnerabilities to our database. Going forward, we will continue to monitor the NVD feed and other sources, and will send alerts on any newly disclosed vulnerabilities in Python packages.
He isn’t specific about which Python vulnerabilities are covered. However, as noted earlier, support for Python has been part of GitHub’s plan since 2017.
According to Schultheis, GitHub “will be adding more Python vulnerabilities to our database.”