GitHub Code Scanning aims to prevent vulnerabilities in open source software

2020-05-08 07:48

GitHub has made available two new security features for open and private repositories: code scanning and secret scanning.

The code scanning feature, available for set up in every GitHub repository, is powered by CodeQL, a semantic code analysis engine that GitHub has made available last year.

CodeQL can analyze code written in C, C++, C#, Java, JavaScript, TypeScript, Python and Go, but the code scanning feature can work with any analysis engine.

With code scanning enabled, every 'git push' is scanned for potential security vulnerabilities.

"With over ten million potential secrets identified, customers have asked to have the same capability for their private code. Now secret scanning also watches private repositories for known secret formats and immediately notifies developers when they are found," explained Shanku Niyogi, Senior VP of Product at GitHub.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/D4jaRTmNVGQ/

#github #opensource #vulnerabilities

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Github		12	3	42	30	15	90

News URL

Related news

Related vendor