GitHub launches code scanner to flag security vulnerabilities

The new experimental analysis can have a higher false-positive rate relative to results from standard CodeQL analysis.

GitHub has launched a machine learning-powered code scanning analysis that flags common security vulnerabilities before code reaches production. The experimental analysis targets four vulnerability classes in JavaScript and TypeScript code: cross-site scripting (XSS), path injection, NoSQL injection and SQL injection. The feature is available in public beta.

“Together, these four vulnerability types account for many of the recent vulnerabilities (CVEs) in the JavaScript/TypeScript ecosystem, and improving code scanning's ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code,” according to the official blog.

GitHub's code scanning is built on the CodeQL analysis engine, with open source queries written by GitHub security experts and members of the community. Flagged issues appear as alerts in the repository's Security tab and in the Pull Requests tab; alerts from the new analysis carry an ‘Experimental’ label so they can be told apart from standard CodeQL results.

GitHub cautions that the experimental analysis can have a higher false-positive rate than standard CodeQL analysis, and says the results should improve over time.


Poulomi Chatterjee
Poulomi is a Technology Journalist with Analytics India Magazine. Her fascination with tech and eagerness to dive into new areas led her to the dynamic world of AI and data analytics.
