GitHub has launched a new code scanning tool that it hopes will help developers spot bugs or vulnerabilities in their work.
The new feature, which is available now, allows developers to analyze their code in a GitHub repository to find security vulnerabilities and coding errors.
Any problems that are detected get displayed instantly via an alert in the repository, hopefully meaning that vulnerabilities never get deployed as part of a public release.
GitHub code scanning
“Code scanning is designed for developers first. Instead of overwhelming you with linting suggestions, code scanning runs only the actionable security rules by default so that you can stay focused on the task at hand,” Justin Hutchings, GitHub Senior Product Manager – Security & Open Source Intelligence, wrote in a blog post announcing the news.
GitHub says that users can use code scanning to find, triage, and prioritize fixes for existing problems in their code, as well as to stop outside developers from introducing new problems.
Code scanning can also be used with the CodeQL semantic code analysis engine, which treats code as data, allowing you to find potential vulnerabilities in your code with greater confidence than traditional static analyzers.
The launch is one of the first new features to be released since GitHub announced, back in September, a major shake-up in how it keeps users informed about changes and updates on its platform.
For the first time, the Microsoft-owned company will start publicly publishing its roadmap for current and upcoming features.
GitHub has previously only shared details on new announcements at company events or trade shows, but says that in the current climate, more regular updates are needed.