GitHub launches code scanner to flag security vulnerabilities

The new experimental analysis can have a higher false-positive rate relative to results from standard CodeQL analysis.


GitHub has launched a machine learning-powered code scanning analysis that aims to catch common security vulnerabilities before code reaches production. The new analysis targets JavaScript and TypeScript and flags four patterns: cross-site scripting (XSS), path injection, NoSQL injection and SQL injection. The feature is available in public beta.

“Together, these four vulnerability types account for many of the recent vulnerabilities (CVEs) in the JavaScript/TypeScript ecosystem, and improving code scanning‘s ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code,” according to the official blog.


GitHub's code scanning uses the CodeQL analysis engine. The open-source queries are written by GitHub's security experts and by members of the community. When a query flags a vulnerability, an alert appears in the repository's Security tab and in the relevant pull request; alerts produced by the new ML-powered analysis carry an 'Experimental' label so they can be told apart from standard CodeQL results.

The new experimental analysis can have a higher false-positive rate than standard CodeQL analysis, so 'Experimental' alerts warrant closer triage before a fix is committed; GitHub expects the results to improve over time.


Poulomi Chatterjee
Poulomi is a Technology Journalist with Analytics India Magazine. Her fascination with tech and eagerness to dive into new areas led her to the dynamic world of AI and data analytics.
