Saturday, December 2, 2023

Default Setup – A New Option to Set Up Code Scanning on GitHub

The GitHub code scanning feature has been enhanced with a new option called “default setup,” designed to assist developers in setting up code scanning with only a few clicks and make it easier to configure it automatically.

GitHub’s code scanning is powered by the CodeQL code analysis engine. This engine supports many languages and compilers, including those that power GitHub’s code analysis. Only the following language repositories have the new option available to them:- 

Over the next six months, Walker Chabbott, GitHub’s product marketing manager, declared that the company is looking at expanding its support to a number of languages, GitHub Said.

How to use the new code scanning setup option?

Here are the simple steps you need to follow in order to use the new option for setting up code scanning:-

  • First of all, in your repo’s settings, you have to navigate to “Code security and analysis”.
  • Then click the “Set up” drop-down menu.
  • After that choose the Default option.
  • That’s it, now you are done.

The default configuration summary will be automatically generated based on repository contents when you click on this ‘Default’ option.

There are a number of things that fall under this category, including:-

  • Languages detected in the repository
  • Query packs that will be used
  • Events that will trigger scans

This option will be customizable in the future so that users can choose what works best for them. When you click “Enable CodeQL,” it will begin scanning the repo for vulnerabilities to help you create more secure software by finding and patching the flaws it discovers.

Since Semmle code-analysis platform was acquired by GitHub in September 2019, the CodeQL code-analysis engine has been added to its capabilities to further enhance the GitHub platform.

In May 2020, GitHub Satellite announced the first beta version of its code scanning solution, and in September 2020, the service was made generally available.

In addition to code scanning, GitHub offers an advanced security feature for GitHub Enterprise private repositories as part of its advanced security features, which is free for all public repositories on GitHub.

Network Security Checklist – Download Free E-Book

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles