New GitHub code scanning tech should make it easier to spot security flaws

GitHub now offers a “default setup” option for scanning a repository's code, hopefully helping developers to spot any security issues before they escalate.
With this new feature, GitHub says developers will be able to configure the repository automatically, and with as little effort as possible.
GitHub’s code scanning is powered by its CodeQL engine, and while it supports a wide variety of compilers, so far the feature is only available for Python, JavaScript, and Ruby.
That should change soon, said GitHub’s Walker Chabbott, as the company now seeks to expand the support to additional languages by summer.
Those looking to test out the new feature should open up their repository’s settings, navigate to “Code security and analysis”, and click the “Set up” drop-down menu.


There, they'll find the “Default” option. “When you click on Default, you'll automatically see a tailored configuration summary based on the contents of the repository,” Chabbott said in the blog post. This includes the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable.

Once “Enable CodeQL” is turned on, the feature will automatically start looking for flaws in the repository.

The CodeQL code analysis engine, BleepingComputer reminds, was added to the GitHub platform in September 2019, following the latter's acquisition. After a year in beta testing, general availability was announced in September 2020. During the beta stage, the tool scanned more than 12,000 repositories 1.4 million times and found more than 20,000 security vulnerabilities. Some of these were of high severity, including remote code execution (RCE), SQL injection, and cross-site scripting (XSS).

Scanning the code is free of charge for all, the publication added, stressing that enterprise users can also benefit from it via the GitHub Advanced Security for GitHub Enterprise.
