GitHub adds code scanning for security bugs

Nancy J. Delong


GitHub has made its code scanning service generally available. Based on the CodeQL semantic code analysis technology acquired from Semmle, GitHub code scanning can now be enabled in users' public repositories to find security vulnerabilities in their code bases. The service also supports analysis using third-party tools.

GitHub code scanning is designed to run only actionable security rules by default, to help developers stay focused on the task at hand rather than become overwhelmed with linting suggestions. The service integrates with the GitHub Actions CI/CD system or with a user's other CI/CD environment. Code is scanned as it is written, and actionable security findings are surfaced within pull requests and other GitHub experiences. The aim is to catch vulnerabilities before they reach production.

Developers can use the more than 2,000 queries created by GitHub and the wider community, or write custom queries to address new security concerns. GitHub code scanning was built on the SARIF standard and is extensible, so developers can bring open source and commercial static application security testing (SAST) tools into the same GitHub-native experience. Third-party scanning engines can be integrated so that results from all of a developer's security tools are viewed through a single interface, and results from multiple scans can be exported through a single API.
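To make the SARIF point concrete, here is an added example (written for this page, not GitHub's or CodeQL's own code) that does what the code scanning UI does at its simplest: it reads a SARIF 2.1.0 log, resolves each result to its rule, and decides which findings should block a pull request. The SARIF document is constructed inline for the example; the rule ids, messages and file paths are invented. It assumes rules may carry a `security-severity` property, the convention CodeQL uses to rank alerts, and treats rules without one as non-security lint.

```python
"""Minimal SARIF 2.1.0 triage: resolve results to rules and gate a PR (added example)."""
import json
from dataclasses import dataclass

# Constructed sample SARIF log (not real scanner output): one run, two rules,
# three results. Only the fields the parser reads are filled in.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "py/sql-injection",
             "shortDescription": {"text": "SQL query built from user input"},
             "defaultConfiguration": {"level": "error"},
             "properties": {"security-severity": "8.8"}},
            {"id": "py/unused-import",
             "shortDescription": {"text": "Unused import"},
             "defaultConfiguration": {"level": "note"}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection", "ruleIndex": 0,
             "message": {"text": "This query depends on a user-provided value."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "py/unused-import", "ruleIndex": 1, "level": "note",
             "message": {"text": "Import of 'os' is not used."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"}, "region": {"startLine": 3}}}]},
            {"ruleId": "py/sql-injection", "ruleIndex": 0, "level": "warning",
             "message": {"text": "This query depends on a user-provided value."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/reports.py"}, "region": {"startLine": 17}}}]},
        ],
    }],
})


@dataclass(frozen=True)
class Alert:
    tool: str
    rule_id: str
    title: str
    level: str        # SARIF result level: error / warning / note
    severity: float   # numeric security-severity; 0.0 when the rule has none
    uri: str
    line: int
    message: str


def _rule_for(result, rules):
    """Resolve a result's rule: by ruleIndex when present, otherwise by ruleId."""
    idx = result.get("ruleIndex")
    if idx is not None and 0 <= idx < len(rules):
        return rules[idx]
    return next((r for r in rules if r.get("id") == result.get("ruleId")), {})


def parse_sarif(text):
    """Flatten every run/result in a SARIF log into Alert records."""
    log = json.loads(text)
    if log.get("version") != "2.1.0":
        raise ValueError(f"unsupported SARIF version: {log.get('version')!r}")
    alerts = []
    for run in log.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = driver.get("rules", [])
        for res in run.get("results", []):
            rule = _rule_for(res, rules)
            # A result-level 'level' overrides the rule's defaultConfiguration.
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            sev = float(rule.get("properties", {}).get("security-severity", 0.0))
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            alerts.append(Alert(
                tool=driver.get("name", "unknown"),
                rule_id=res.get("ruleId") or rule.get("id", "unknown"),
                title=rule.get("shortDescription", {}).get("text", ""),
                level=level, severity=sev,
                uri=loc.get("artifactLocation", {}).get("uri", ""),
                line=loc.get("region", {}).get("startLine", 0),
                message=res.get("message", {}).get("text", ""),
            ))
    return alerts


def blocking_alerts(alerts, min_severity=7.0):
    """Findings that should block a merge: any 'error', or security-severity
    at or above the threshold. Lint-style notes never block."""
    return [a for a in alerts if a.level == "error" or a.severity >= min_severity]


if __name__ == "__main__":
    found = parse_sarif(SAMPLE_SARIF)
    for a in found:
        print(f"{a.level:7} sev={a.severity:<4} {a.rule_id:18} {a.uri}:{a.line}  {a.message}")
    blockers = blocking_alerts(found)
    print(f"\n{len(blockers)} blocking alert(s) out of {len(found)}")
    raise SystemExit(1 if blockers else 0)
```

Run as a script it exits non-zero when a blocking finding exists, which is the behaviour a CI gate wants. The threshold is deliberately separate from the SARIF `level`: a third-party tool that reports everything as `warning` still gets its high-severity rules surfaced, while notes from the same tool stay out of the way, which is the "actionable by default" stance the article describes.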

GitHub code scanning is free for public repositories. For private repositories, the service is available on the fee-based GitHub Enterprise plan through GitHub Advanced Security. Since the first beta of the service in May, GitHub said, code scanning has scanned 12,000 repositories 1.4 million times and found more than 20,000 security issues, including remote code execution, SQL injection, and cross-site scripting vulnerabilities.

Copyright © 2020 IDG Communications, Inc.
