GitHub Code Scanning aims to prevent vulnerabilities in open source software
2020-05-08 07:48

GitHub has made two new security features available for public and private repositories: code scanning and secret scanning.

The code scanning feature, which can be set up in any GitHub repository, is powered by CodeQL, the semantic code analysis engine GitHub made available last year.

CodeQL can analyze code written in C, C++, C#, Java, JavaScript, TypeScript, Python and Go, but code scanning itself is not tied to CodeQL: it can ingest results from any analysis engine that reports its findings in the SARIF format.

With code scanning enabled, every 'git push' is scanned for potential security vulnerabilities.

"With over ten million potential secrets identified, customers have asked to have the same capability for their private code. Now secret scanning also watches private repositories for known secret formats and immediately notifies developers when they are found," explained Shanku Niyogi, Senior VP of Product at GitHub.
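Code scanning accepts findings from any analyzer that emits SARIF, and secret scanning matches known credential formats, so the two can be combined by a small custom tool. The script below is an added example, not GitHub's own scanner or rule set: it scans constructed sample files for a few widely documented credential shapes (the regexes, rule ids, entropy threshold and tool name are assumptions of this example), drops low-entropy placeholders such as a documentation value spelled with repeated X characters, redacts what it reports, and serialises the remaining findings as a SARIF 2.1.0 document of the shape code scanning can ingest.

```python
"""Minimal known-secret-format scanner that emits SARIF (added example, not GitHub's code)."""
import json
import math
import re
from collections import Counter

# Constructed sample input: files as a scanner would see them on a push.
# The AWS values are the publicly documented example credentials, not live ones.
SAMPLE_FILES = {
    "config/settings.py": [
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
        "DEBUG = False",
    ],
    "README.md": [
        "Set AWS_ACCESS_KEY_ID to your key id, e.g. AKIAXXXXXXXXXXXXXXXX",
    ],
    "deploy/id_rsa": [
        "-----BEGIN OPENSSH PRIVATE KEY-----",
        "b3BlbnNzaC1rZXktdjEAAAAA",
        "-----END OPENSSH PRIVATE KEY-----",
    ],
}

# Each rule: id, regex whose group 1 is the candidate secret, and the minimum
# Shannon entropy (bits per character) that group must reach to be reported.
# These patterns are assumptions for the example, not GitHub's rule set.
# A floor of 0.0 disables the entropy check (a PEM header is itself the signal).
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b"), 3.0),
    ("aws-secret-access-key",
     re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"), 3.0),
    ("slack-token", re.compile(r"\b(xox[baprs]-[0-9A-Za-z-]{10,})\b"), 3.0),
    ("private-key", re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"), 0.0),
]


def shannon_entropy(s):
    """Bits of entropy per character; low values indicate placeholders like AKIAXXXX..."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_files(files):
    """Return findings as dicts (file, 1-based line, rule, redacted secret)."""
    findings = []
    for path, lines in files.items():
        for lineno, text in enumerate(lines, start=1):
            for rule_id, pattern, min_entropy in RULES:
                for m in pattern.finditer(text):
                    candidate = m.group(1)
                    if shannon_entropy(candidate) < min_entropy:
                        continue  # placeholder or documentation value, not a credential
                    findings.append({
                        "file": path,
                        "line": lineno,
                        "rule": rule_id,
                        # Never echo the full secret into the report itself.
                        "secret": candidate[:4] + "..." + candidate[-2:],
                    })
    return findings


def to_sarif(findings, tool_name="example-secret-scanner"):
    """Wrap findings in a SARIF 2.1.0 log with one run, rule metadata and locations."""
    rules_used = sorted({f["rule"] for f in findings})
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {
                "name": tool_name,
                "rules": [{"id": r, "shortDescription": {"text": "Hard-coded secret matching " + r}}
                          for r in rules_used],
            }},
            "results": [{
                "ruleId": f["rule"],
                "level": "error",
                "message": {"text": "Possible %s (%s) committed in source" % (f["rule"], f["secret"])},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": f["file"]},
                    "region": {"startLine": f["line"]},
                }}],
            } for f in findings],
        }],
    }


if __name__ == "__main__":
    print(json.dumps(to_sarif(scan_files(SAMPLE_FILES)), indent=2))
```

The entropy floor is what separates the documented placeholder in README.md from the key in config/settings.py, which a bare regex would not do; the redaction in the message matters because the SARIF file is itself stored and displayed, and a report that repeats the credential in full would simply move the leak.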


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/D4jaRTmNVGQ/
