
GitHub And Its New GitHub Code Scanning Feature


dEEpEst


GitHub just announced that its new code scanning feature, GitHub code scanning, is now generally available. The new feature of the developer platform that Microsoft bought in 2018 for 7.5 billion dollars can scan any public repository for vulnerabilities.

The idea is to offer a native function within GitHub that can find vulnerabilities in the code of a repository before they reach production. If you have a public repo on GitHub, you can activate it from now on following the official documentation.

Automated security as part of your workflow

With the function active, the code will be revised as it is created, and areas that could be exploited in the future will be highlighted. At GitHub they hope that with this feature active they can catch bugs early to significantly reduce security incidents in the future.

GitHub code scanning integrates with GitHub Actions or your existing CI/CD environment to maximize team flexibility. It scans code as it is created and displays actionable security reviews within pull requests and other GitHub experiences, all to automate security as part of your workflow.

Before its launch, code scanning went through several months of testing. So far it has scanned 12,000 repositories 1.4 million times, and in total it has detected 20,000 security problems, from bugs that allowed remote code execution, through cross-site scripting, to SQL injection.

During the tests the developers and those in charge of maintaining the repositories resolved 72% of the security flaws identified in their pull requests before merging after the first 30 days.

This is important data, since industry data shows that fewer than 30% of vulnerabilities are fixed within a month after being discovered.
