GitHub eases code vulnerability scanning

GitHub has unveiled the new "default setup" option to enable automated scanning of vulnerabilities in code within repositories, BleepingComputer reports. While default setup only currently supports JavaScript, Python, and Ruby repositories, GitHub will be moving to provide more support for more languages during the next six months, according to GitHub Product Marketing Manager Walker Chabbott. GitHub users could access the feature by going through their repository's settings and clicking the "Set up" drop-down menu within "Code security and analysis" and selecting the "Default" option. "When you click on 'Default,' you'll automatically see a tailored configuration summary based on the contents of the repository. This includes the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable," Chabbott added. Repository vulnerabilities could be scanned immediately once the "Enable CodeQL" option is selected. GitHub was able to integrate the CodeQL code analysis engine within its platform following its acquisition of the Semmle code-analysis platform in 2019.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.