GitHub Announced Code Scanning Feature

The feature helps developers find vulnerabilities using more than 2,000 CodeQL queries written by GitHub and the community, powered by the CodeQL code analysis engine that GitHub obtained through its acquisition of Semmle last year.
Developers can also write their own custom queries to look for other kinds of issues. GitHub reports 132 community contributions to the CodeQL query set so far.
Code scanning can be integrated with GitHub Actions or other continuous integration / continuous deployment (CI/CD) systems. Code is scanned as soon as it is created, and security findings are surfaced to developers inside pull requests.
“Code scanning is built on the open SARIF standard and is extensible, so you can use open source and commercial static application security testing (SAST) solutions within the same GitHub-native interface. You can integrate third-party scanning engines to view results from all your security tools in a single interface, and even export multiple scan results through a single API,” GitHub explained.
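As an added illustration of the two integration points described above (running CodeQL from GitHub Actions, and uploading SARIF produced by another scanner), here is a workflow in the style a practitioner would commit under .github/workflows/. It is an example written for this page, not code from the article or from GitHub's documentation. Assumptions: the repository contains JavaScript and Python; the action version tags (@v3, @v4) are the current majors and should be pinned to whatever your organisation has reviewed; the third-party scanner command ./scripts/run-scanner.sh and its output path are hypothetical placeholders for whatever SARIF-producing tool you use.

```yaml
# Added example workflow (not from the article or from GitHub's own docs).
# Assumptions: JavaScript and Python sources in the repo; action version tags are
# current majors (pin to what you have reviewed); the scanner script below is a
# hypothetical placeholder for any tool that emits SARIF.
name: code-scanning

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 3 * * 1"   # weekly full scan so newly added queries cover old code

permissions:
  contents: read
  security-events: write   # needed to write results to the code scanning API

jobs:
  codeql:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [javascript, python]   # one database per language
    steps:
      - uses: actions/checkout@v4

      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # "+" keeps the default query set and adds the security-extended suite;
          # a path to a local query pack could be listed here as well
          queries: +security-extended

      # Compiled languages need a build step between init and analyze so the
      # extractor sees the code being built; interpreted languages do not.

      - uses: github/codeql-action/analyze@v3
        with:
          # distinct category per language so uploads do not overwrite each other
          category: "/language:${{ matrix.language }}"

  third-party-sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Hypothetical placeholder: any scanner that writes SARIF 2.1.0 works here
      - name: Run SARIF-producing scanner
        run: ./scripts/run-scanner.sh --output results/scanner.sarif

      # Results land in the same Security tab and pull request checks as CodeQL
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results/scanner.sarif
          category: third-party-sast
```

Two design choices matter in practice: giving every upload its own category, so parallel jobs do not replace each other's findings, and keeping the workflow's permissions to the minimum (read contents, write security events) so a compromised third-party step cannot do more than post findings.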
Code scanning is free for public repositories, and GitHub Enterprise customers can use it on private repositories as part of GitHub Advanced Security.
GitHub reports that since the beta launched in May, it has scanned more than 12,000 repositories 1.4 million times, surfacing over 20,000 security issues, including remote code execution, SQL injection and XSS bugs.