Github Code Scanning: vulnerability scanner by Justin Hutchings

Dec 3, 2020

 

GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning. You can enable it on your public repository today!

One year ago, GitHub welcomed Semmle. We’ve since worked to bring the revolutionary code analysis capabilities of its CodeQL technology to GitHub users as a native capability. At GitHub Satellite in May, we released the first beta of our native integration: code scanning. Now, thanks to the thousands of developers in the community who tested and gave feedback, we’re proud to announce that code scanning is generally available.

Code scanning helps you prevent security issues in code

Code scanning is designed for developers first. Instead of overwhelming you with linting suggestions, code scanning runs only the actionable security rules by default so that you can stay focused on the task at hand.

Code scanning integrates with GitHub Actions—or your existing CI/CD environment—to maximize  flexibility for your team. It scans code as it’s created and surfaces actionable security reviews within pull requests and other GitHub experiences you use everyday, automating security as a part of your workflow. This helps ensure vulnerabilities never make it to production in the first place.

Read the rest of this story with a free account.

Already have an account? Sign in

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023