• GitHub launches code scanning scheme to hunt down vulnerabilities

    From TechnologyDaily@1337:1/100 to All on Fri Feb 18 17:00:04 2022
    GitHub launches code scanning scheme to hunt down vulnerabilities

    Date:
    Fri, 18 Feb 2022 16:41:00 +0000

    Description:
    Feature is now in public beta for JavaScript and TypeScript GitHub users.

    FULL STORY ======================================================================

    Software hosting service provider GitHub has released a new experimental feature that aims to rid code of some of the more common security vulnerabilities as early in production as possible.

    The new automatic scanner is powered by machine learning (ML) and will scan incoming code written in TypeScript and JavaScript for four common vulnerabilities: cross-site scripting (XSS), path injection, NoSQL injection, and SQL injection, reducing the chances for malware abuse.

    The feature is now in public beta for the two abovementioned programming languages.

    More secure code

    The new experimental JavaScript and TypeScript analysis is rolled out to all users of code scanning's security-extended and security-and-quality analysis suites, explained GitHub's Tiferet Gazit and Alona Hlobina.

    "Together, these four vulnerability types account for many of the recent vulnerabilities (CVEs) in the JavaScript/TypeScript ecosystem, and improving code scanning's ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code," the pair added.

    If the submitted code has any of the abovementioned vulnerabilities, an alert will show up in the repository's Security tab. These alerts will have an "Experimental" label, and will also be available via the pull requests tab.

    Automating everything

    Obviously, that doesn't mean developers should stop hunting for flaws, as many will probably still make it past the scanner and end up being abused on vulnerable endpoints.

    GitHub has been hard at work lately as it looks to automate as much work as possible for its users. Besides automating flaw detection, it added a feature that will pretty much write the code for you, as well as one to help developers search through their code more easily.

    The writing system, called GitHub Copilot, has been trained on billions of lines of code available in public repositories, including those on GitHub. Microsoft and GitHub developed Copilot together with OpenAI, an AI research startup that Microsoft has been investing in since 2019.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/github-launches-code-scanning-scheme-to-hunt-down-vulnerabilities/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)