Wednesday, December 25, 2024
Homecyber securityDefault Setup - A New Option to Set Up Code Scanning on...

Default Setup – A New Option to Set Up Code Scanning on GitHub

Published on

SIEM as a Service

The GitHub code scanning feature has been enhanced with a new option called “default setup,” designed to assist developers in setting up code scanning with only a few clicks and make it easier to configure it automatically.

GitHub’s code scanning is powered by the CodeQL code analysis engine. This engine supports many languages and compilers, including those that power GitHub’s code analysis. Only the following language repositories have the new option available to them:- 

Over the next six months, Walker Chabbott, GitHub’s product marketing manager, declared that the company is looking at expanding its support to a number of languages, GitHub Said.

- Advertisement - SIEM as a Service

How to use the new code scanning setup option?

Here are the simple steps you need to follow in order to use the new option for setting up code scanning:-

  • First of all, in your repo’s settings, you have to navigate to “Code security and analysis”.
  • Then click the “Set up” drop-down menu.
  • After that choose the Default option.
  • That’s it, now you are done.

The default configuration summary will be automatically generated based on repository contents when you click on this ‘Default’ option.

There are a number of things that fall under this category, including:-

  • Languages detected in the repository
  • Query packs that will be used
  • Events that will trigger scans

This option will be customizable in the future so that users can choose what works best for them. When you click “Enable CodeQL,” it will begin scanning the repo for vulnerabilities to help you create more secure software by finding and patching the flaws it discovers.

Since Semmle code-analysis platform was acquired by GitHub in September 2019, the CodeQL code-analysis engine has been added to its capabilities to further enhance the GitHub platform.

In May 2020, GitHub Satellite announced the first beta version of its code scanning solution, and in September 2020, the service was made generally available.

In addition to code scanning, GitHub offers an advanced security feature for GitHub Enterprise private repositories as part of its advanced security features, which is free for all public repositories on GitHub.

Network Security Checklist – Download Free E-Book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary...

CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies

In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency...

DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet

DMD Diamond - one of the oldest blockchain projects in the space has announced the...