New GitHub code scanning tech should make it easier to spot security flaws
Date:
Tue, 10 Jan 2023 14:47:15 +0000
Description:
GitHub is offering users a new way to enable code scanning and hopefully spot issues before they worsen.
FULL STORY ======================================================================
GitHub now lets developers enable code scanning for a repository through a new "default setup", hopefully helping them spot any security issues before they escalate.
With this new feature, GitHub says developers will be able to configure the repository automatically, and with as little effort as possible.
GitHub's code scanning is powered by its CodeQL engine, and while it supports a wide variety of compilers, so far the feature is only available for Python, JavaScript, and Ruby. That should change soon, said GitHub's Walker Chabbott, as the company now seeks to expand the support to additional languages by summer.
Simplifying bug hunting
Those looking to test out the new feature should open up their repository's settings, navigate to Code security and analysis, and click the Set up drop-down menu. There, they'll find the Default option.
"When you click on 'Default,' you'll automatically see a tailored configuration summary based on the contents of the repository," Chabbott said in the blog post. "This includes the languages detected in the repository,
the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable."
Once 'Enable CodeQL' is selected, the feature automatically starts looking for flaws in the repository.
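The article only describes the default setup through its UI. As an added example that is not part of the original story or GitHub's own documentation, the GitHub Actions workflow below is the equivalent of what the default configuration summary lists, written out by hand (the "advanced" setup path): the languages to analyse, the query pack, and the events that trigger scans. The language matrix matches the three languages the article names; the branch name main, the weekly cron schedule and the choice of the security-extended query pack are assumptions made for illustration.

```yaml
# Assumed file path: .github/workflows/codeql.yml (illustrative, not from the article)
name: "CodeQL"

# Events that trigger scans: pushes and pull requests to the main branch
# (branch name assumed), plus a weekly scheduled run (schedule assumed)
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '30 1 * * 0'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # security-events: write is what lets the analyze step upload alerts
    # to the repository's Security tab; everything else stays read-only
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        # Languages detected: the three the article says are supported today
        language: [ 'javascript', 'python', 'ruby' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Query packs: security-extended adds lower-precision security queries
      # on top of the default suite (pack choice assumed for illustration)
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          queries: security-extended

      # Interpreted languages need no build; autobuild is a no-op for them
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{ matrix.language }}"
```

Committing this file is all the "advanced" setup requires; the default setup described in the article generates the same three pieces of configuration for you without a workflow file. A useful check after either route is to open a pull request that touches one of the matrixed languages and confirm that a CodeQL check appears on it and that any findings show up as code scanning alerts under the repository's Security tab.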
The CodeQL code analysis engine, BleepingComputer reminds, was added to the GitHub platform in September 2019, following the latter's acquisition.
After a year in beta testing, general availability was announced in September 2020. During the beta stage, the tool scanned more than 12,000 repositories, 1.4 million times, and found more than 20,000 security vulnerabilities. Some of these were of high severity, including remote code execution (RCE), SQL injection, and cross-site scripting (XSS).
Scanning the code is free of charge for all, the publication added, stressing that Enterprise users can also benefit from it via GitHub Advanced Security for GitHub Enterprise.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/new-github-code-scanning-tech-should-make-it-easier-to-spot-security-flaws
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)