GitHub automatically scans code for vulnerabilities with ‘default setup’
GitHub will make it possible to automatically scan certain repositories for vulnerabilities. With ‘default setup’ programmers can see directly in Python, JavaScript and Ruby repos if there are possible weaknesses in their code.
According to GitHub, default setup makes it possible to enable code scanning automatically, instead of having to set it up afterwards per repository via a YAML configuration file. The feature is available immediately from the settings menu, where other code scans and analyses can also be enabled.
The new option allows users to apply the CodeQL analysis that GitHub already offers as the "default". That means all of a user's public repos are analyzed directly with the same CodeQL analysis. In addition, it remains possible to change the settings via YAML.
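For readers who have not used the YAML route the article refers to, this is an added example (not taken from the article or from GitHub's documentation) of the kind of per-repository workflow file that default setup lets you skip. It uses the publicly documented CodeQL action steps; the branch names, the schedule and the optional extended query suite are assumptions chosen for illustration.

```yaml
# Added example: .github/workflows/codeql.yml, the per-repo configuration
# that "default setup" replaces. Branch names and schedule are assumptions.
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '30 4 * * 1'   # weekly scan on Monday morning (hypothetical schedule)

permissions:
  contents: read
  security-events: write   # needed to upload results to the repository's Security tab

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # the three languages the article says default setup currently supports
        language: [ 'python', 'javascript', 'ruby' ]
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # queries: security-extended   # optional broader query suite (assumption: opt-in)
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"
```

The `security-events: write` permission is the part most often missing when a manual setup silently produces no alerts: without it the analyze step cannot upload its SARIF results, so the Security tab stays empty. Default setup manages this for you, which is one practical reason GitHub positions it as the lower-friction option.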
For now, the feature can only be used for Python, JavaScript and Ruby. In the future, GitHub plans to add all other languages that CodeQL supports. That will happen over the next six months, based on the popularity of each programming language and how easily the feature can be ported to it, GitHub writes.
The feature is free to use for all public repositories, but private repos require an Advanced Security or Enterprise package.
GitHub implemented CodeQL analysis in 2019 after the platform acquired Semmle. A year later, code scanning became generally available for all public repos. GitHub recently released a feature it calls Dependabot. It scans repos for the presence of tokens and keys.