GitHub Introduces Automatic Vulnerability Scanning Feature


Microsoft-owned code hosting platform GitHub is now providing developers with the option to have their code repositories automatically scanned for vulnerabilities.

Microsoft-owned code hosting platform GitHub is now providing developers with the option to have their code repositories automatically scanned for vulnerabilities.

Available as a ‘default setup’ option, the new feature is meant to help code builders find and resolve vulnerabilities faster.

Available for JavaScript, Python, and Ruby repositories, it allows open source developers and enterprises to enable code scanning without the use of a .yaml file and will immediately provide them with insights into their code’s issues.

To enable the new option, GitHub users should head to the ‘Settings’ tab in their repositories and then navigate to ‘Code security and analysis’, under ‘Security’.

Developers will find two options: ‘Default’, which automatically sets up code scanning, and Advanced, which allows them to customize code scanning using a .yaml file. If default setup is not supported, the first option will be grayed out.

“When you click on ‘Default’, you’ll automatically see a tailored configuration summary based on the contents of the repository. This includes the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable,” GitHub explains.

To enable automatic code scanning for their repositories, developers need to click ‘Enable CodeQL’ after reviewing the displayed configuration.

“We are working hard to make this experience available for all languages supported by the CodeQL analysis engine. We will continue rolling out support for new languages based on popularity and build complexity over the next six months,” GitHub announced.


By Ionut Arghire on Tue, 10 Jan 2023 13:24:24 +0000
Original link