GitHub has unveiled the new "default setup" option to enable automated scanning of vulnerabilities in code within repositories, BleepingComputer reports.
GitHub users can access the feature by opening their repository's settings, clicking the "Set up" drop-down menu under "Code security and analysis" and selecting the "Default" option.
"When you click on 'Default,' you'll automatically see a tailored configuration summary based on the contents of the repository. This includes the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable," Chabbott added.
Repository vulnerabilities can be scanned immediately once the "Enable CodeQL" option is selected. GitHub was able to integrate the CodeQL code-analysis engine into its platform following its acquisition of the Semmle code-analysis platform in 2019.
Separately, a GitHub Actions workflow in Bazel was found to contain a command injection vulnerability that could have allowed threat actors to add malicious code to the production environment of projects using the Google open-source product.