GitHub Announced Code Scanning Feature

GitHub has announced a code scanning feature. The functionality helps developers identify vulnerabilities using the more than 2,000 CodeQL queries written by GitHub and the community, run by the CodeQL code analysis engine that GitHub obtained through its acquisition of Semmle last year.

To find other kinds of problems, developers can also write their own custom queries. GitHub reports that the community has contributed 132 queries to the CodeQL query set so far.

Code scanning can be integrated with GitHub Actions or other continuous integration / continuous deployment (CI/CD) systems. Code is scanned as soon as it is pushed, and security findings are shown to developers inside pull requests.

“Built on the open SARIF standard, code scanning is extensible, so you can include open source and commercial static application security testing (SAST) solutions within the same GitHub-native experience you love. You can integrate third-party scanning engines to view results from all your security tools in a single interface, or export multiple scan results through a single API,” GitHub explained.
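The SARIF point above is what makes the "single interface" possible: every tool emits the same JSON shape (`runs[].tool.driver`, `runs[].results[]`, `locations[].physicalLocation`), so results from different engines can be normalised and merged. The following Python script is an added example, not GitHub's or CodeQL's own code. It constructs two small SARIF 2.1.0 logs inline (the tool name "OtherSAST", the rule ids, file paths and messages are all made up for the example) and merges them into one de-duplicated list with a per-severity summary, the way a dashboard consuming uploaded SARIF would.

```python
"""Merge SARIF output from several SAST tools into one view.

Added example (not GitHub's own code): two small SARIF 2.1.0 logs are
constructed inline, so this runs offline without any scanner installed.
"""
import json
from collections import Counter

# Constructed sample: a CodeQL-style run. Rule ids and paths are made up.
# Note that the results carry no "level"; SARIF then falls back to the
# rule's defaultConfiguration.level (and to "warning" if that is absent).
CODEQL_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "js/sql-injection",
             "defaultConfiguration": {"level": "error"}},
            {"id": "js/xss",
             "defaultConfiguration": {"level": "warning"}},
        ]}},
        "results": [
            {"ruleId": "js/sql-injection",
             "message": {"text": "Query built from user input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.js"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "js/xss",
             "message": {"text": "Unescaped value written to DOM"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/view.js"},
                 "region": {"startLine": 17}}}]},
        ],
    }],
})

# Constructed sample: a hypothetical second scanner that reports one
# finding overlapping with CodeQL and one that CodeQL did not report.
OTHER_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "OtherSAST", "rules": []}},
        "results": [
            {"ruleId": "js/sql-injection", "level": "error",
             "message": {"text": "SQL injection"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.js"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "hardcoded-secret", "level": "note",
             "message": {"text": "Possible API key in source"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "config/keys.js"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
})


def iter_findings(sarif_text):
    """Yield normalised findings (tool, rule, level, uri, line, message)
    from one SARIF log, resolving a missing result level via the rule."""
    log = json.loads(sarif_text)
    for run in log.get("runs", []):
        driver = run["tool"]["driver"]
        rule_levels = {
            r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
            for r in driver.get("rules", [])
        }
        for res in run.get("results", []):
            rule = res.get("ruleId", "<no rule>")
            level = res.get("level") or rule_levels.get(rule, "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            yield {
                "tool": driver["name"],
                "rule": rule,
                "level": level,
                "uri": loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                "line": loc.get("region", {}).get("startLine", 0),
                "message": res.get("message", {}).get("text", ""),
            }


def merge_sarif(*sarif_texts):
    """Combine findings from several logs. Results that agree on
    (rule, file, line) are collapsed into one entry that names every
    tool which reported it, so overlapping scanners do not double-count."""
    merged = {}
    for text in sarif_texts:
        for f in iter_findings(text):
            key = (f["rule"], f["uri"], f["line"])
            if key in merged:
                merged[key]["tool"] += "+" + f["tool"]
            else:
                merged[key] = f
    return list(merged.values())


def summarize(findings):
    """Count findings per SARIF level, most severe first."""
    order = {"error": 0, "warning": 1, "note": 2, "none": 3}
    counts = Counter(f["level"] for f in findings)
    return sorted(counts.items(), key=lambda kv: order.get(kv[0], 9))


if __name__ == "__main__":
    all_findings = merge_sarif(CODEQL_SARIF, OTHER_SARIF)
    for f in all_findings:
        print(f"{f['level']:<8}{f['uri']}:{f['line']}  {f['rule']}  [{f['tool']}]")
    print(summarize(all_findings))
```

Two details matter when consuming real SARIF: a result may omit `level`, in which case the rule's `defaultConfiguration.level` applies (and `warning` is the spec default), and two tools flagging the same line are not necessarily the same issue, so the merge key here includes the rule id rather than only the location.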

Code scanning is free for public repositories, and GitHub Enterprise customers can use it on private repositories as part of the GitHub Advanced Security package.

GitHub reports that since the beta of code scanning launched in May it has scanned more than 12,000 repositories 1.4 million times. This led to the discovery of over 20,000 security issues, including remote code execution, SQL injection, and XSS bugs.
