GitHub Code Scanning Now Detects Additional Security Flaws

GitHub, the well-known code hosting platform, has released new code-analysis features intended to identify security flaws automatically before they reach production. The features are built on machine-learning-based code scanning.

New Scanning Analysis Features Implemented by GitHub: More Details

The new features are currently available for JavaScript and TypeScript repositories hosted on GitHub.

Tiferet Gazit and Alona Hlobina of GitHub wrote in a blog post:

With the new analysis capabilities, code scanning can surface even more alerts for four common vulnerability patterns: cross-site scripting (XSS), path injection, NoSQL injection, and SQL injection. (…) Together, these four vulnerability types account for many of the recent vulnerabilities (CVEs) in the JavaScript/TypeScript ecosystem, and improving code scanning’s ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code.

Source

The security flaws found by this new experimental code analysis appear as alerts in the ‘Security’ tab of enrolled repositories, labeled “Experimental”. You can see a display of this below:

Source

After GitHub bought code-analysis platform Semmle in September 2019, the CodeQL code analysis engine,

Read More: https://heimdalsecurity.com/blog/github-code-scanning-now-detects-additional-security-flaws/