Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

Code Scanning function for identification of vulnerabilities on GitHub is now available to everyone

Now Reading
Code Scanning function for identification of vulnerabilities on GitHub is now available to everyone

GitHub developers announced the launch of a new Code Scanning function that allows scanning code for vulnerabilities.

Previously, the new product worked in test mode (since May 2020), but now it has become available to all users, both paid and free.

“The new feature helps preventing products from vulnerabilities by analyzing every pull request, commit and merge, recognizing vulnerable code as soon as it is created”, – says ZDNet with a link to the GitHub developers.

If vulnerabilities are found, the scanner will offer the developer to revise his code.

Code Scanning runs on top of CodeQL, a technology that GitHub has integrated into its platform since it acquired the Semmle analytics platform in September 2019. In essence, this will allow developers to create rules for detecting different versions of the same bug in large arrays of code.

CodeQL stands for code query language and is a generic language that allows developers to write rules to detect different versions of the same security flaw across large codebases.

GitHub has already created 2,000 predefined CodeQL queries that users can use in their repositories and automatically check for the most basic vulnerabilities in new codes.

“In addition, the scanner can be extended with custom CodeQL templates written by repository owners, or by connecting third-party open source solutions or commercial SAST products”, – report GitHub developers.

You can enable the new feature in the Security tab.

Code Scanning function on GitHub

According to GitHub, the new feature has already been used for more than 1.4 million scans of 12,000 repositories and helped to identify over 20,000 vulnerabilities, including remote code execution (RCE) vulnerabilities, SQL injection and cross-site scripting (XSS).

The developers also seem to have received the new feature well, and GitHub reports that since spring, since the launch of this feature, they have already received over 130 different community contributions to the open source CodeQL querysets.

Let me remind you that we recently talked about the fact that Comodo will open endpoint detection and response (EDR) product source code.

What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Vladimir Krasnogolovy
Leave a response

Leave a Response