GitHub, one of the most popular platforms among software developers, has launched a new security feature called Code Scanning. The feature will be available to all users, both paid and free accounts.
According to GitHub, Code Scanning "helps to avoid vulnerabilities, analyzing all the data and recognizing the vulnerable code as soon as it is created".
Once vulnerabilities are identified, Code Scanning notifies the developer to review the code and make the necessary changes.
Essentially, Code Scanning operates in conjunction with CodeQL, a technology that GitHub integrated after acquiring the code analysis platform Semmle in September 2019.
CodeQL allows developers to write rules that detect different variants of the same security flaw across large codebases.
Setting up Code Scanning
At this point, developers will be asked to enable the CodeQL queries that GitHub will use to scan their source code.
GitHub said its security team has assembled more than 2,000 predefined CodeQL queries, which users can activate for their repositories to automatically check for the most common vulnerabilities when new code is submitted.
In addition, according to GitHub, Code Scanning can be extended with custom CodeQL queries written by repository owners, or by connecting open-source or third-party SAST (static application security testing) solutions.
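The setup described above, as an added example that is not from the article or from GitHub's own documentation: a GitHub Actions workflow that enables CodeQL code scanning with the predefined query suite plus a repository-specific query directory, and a second job that uploads results from a third-party SAST tool into the same alert view. The action names and inputs (github/codeql-action init, autobuild, analyze and upload-sarif; languages, queries, sarif_file, category) are real; the language list, the custom query directory path and the scanner command are assumptions for illustration.

```yaml
# Added example (not the article's or GitHub's code): a code-scanning workflow.
# Assumed: the repository contains JavaScript and Python, keeps custom CodeQL
# queries under .github/codeql/custom-queries (with a qlpack.yml), and has a
# placeholder SAST tool ./run-scanner that emits SARIF.
name: "Code scanning"

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 3 * * 1"   # weekly run also picks up newly published queries

permissions:
  contents: read
  actions: read
  security-events: write   # needed to publish alerts to the Security tab

jobs:
  codeql:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [javascript, python]   # assumed set of languages in the repo
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # Leading "+" keeps the default suite; security-extended adds
          # lower-confidence queries; the path adds the repo's own queries.
          queries: +security-extended,./.github/codeql/custom-queries
      - uses: github/codeql-action/autobuild@v2   # no-op for interpreted languages
      - uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"

  third-party-sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # Placeholder command: any SAST tool that writes SARIF can be used here.
      - run: ./run-scanner --output results.sarif
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
          category: third-party-sast   # keeps these alerts distinct from CodeQL's
```

The `category` values matter when several tools report into one repository: alerts are deduplicated per category, so giving each scanner its own category avoids one tool's upload closing another's findings.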
According to ZDNet, Code Scanning has been available to GitHub beta testers since May. The feature has been used to perform more than 1.4 million scans on more than 12,000 repositories. GitHub says more than 20,000 vulnerabilities have been found (RCE, SQL injection and cross-site scripting (XSS) vulnerabilities).