Wednesday, March 3, 2021

GitHub Launches Code Scanning To Find Vulnerability In Your Code

GitHub Code Scanning is now generally available for users to evaluate their code for security flaws. The idea behind this initiative is to eliminate vulnerabilities before the code reaches production. With GitHub Code Scanning enabled, every git push is scanned for potential security weaknesses, and the results are displayed directly in pull requests, so developers see the flaws in their code before it is merged.

The open-source GitHub Code Scanning solution is powered by CodeQL, which ships with 2,000+ default queries to scan the code. GitHub has doubled down on security enhancements since it acquired Semmle on September 19, 2019. Semmle allowed developers to write queries to search for vulnerabilities.

GitHub Code Scanning

Now, with Code Scanning, developers can address security threats more effectively. However, it does not guarantee 100% secure code, since the security flaws that matter vary with each project's workflows. Nevertheless, one can eliminate common vulnerabilities in the code or use customized queries to find project-specific security issues.

Since the beta release in May, developers have run GitHub Code Scanning 1.4 million times across 12,000 repositories. More than 20,000 security issues, including SQL injection, cross-site scripting (XSS), and remote code execution (RCE) vulnerabilities, were identified. Of the total flaws, 72% were fixed before the pull requests were merged. That is far ahead of industry norms, where it takes more than 30 days to fix at most 30 percent of all flaws.

“We chose Advanced Security for its out-of-the-box functionality and the custom functionality that we can build off of. Instead of it taking a full day to find and fix one security issue, we were able to find and fix three issues in the same amount of time,” said Charlotte Townsley, Director of Security Engineering at Auth0.

GitHub Code Scanning is open-source and free to use on public repositories, but scanning private repositories requires GitHub Enterprise. To enable it on a public repository, you can visit here.
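A minimal GitHub Actions workflow that turns on the per-push and per-pull-request CodeQL scanning described above, added here as an example; it is not part of the original article or of GitHub's own documentation, and the repository languages, branch name and file path are assumptions:

```yaml
# Added example: .github/workflows/codeql.yml (path is illustrative).
# Assumes the repository contains JavaScript and Python code; compiled
# languages would additionally need a build step before analysis.
name: CodeQL code scanning

on:
  push:
    branches: [main]          # scan every push to the default branch
  pull_request:
    branches: [main]          # and every pull request targeting it
  schedule:
    - cron: '0 3 * * 1'       # weekly rescan so newly added queries cover old code

permissions:
  contents: read
  security-events: write      # needed to upload results to the Security tab / PR checks

jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [javascript, python]   # assumption: the languages in this repo
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Run the default security queries plus the broader
          # security-extended suite; custom query packs can be listed here too.
          queries: security-extended

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Findings are uploaded as SARIF and surface as annotations on the pull request, which is how the "fixed before merge" figure cited above is measured.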

Check the announcement here.


Analytics Drift
Editorial team of Analytics Drift
