GitHub has launched a machine learning-powered code scanning analysis, now in public beta, that flags common security vulnerabilities before code reaches production. The experimental analysis targets cross-site scripting (XSS), path injection, NoSQL injection and SQL injection.
GitHub’s code scanner is built on the CodeQL analysis engine, and its open-source queries are written by GitHub’s security researchers and community contributors. When a query flags a vulnerability, an alert appears in the repository’s Security tab; alerts produced by the new analysis carry an ‘Experimental’ label and are also surfaced on pull requests.
Because the new analysis is experimental, it can have a higher false-positive rate than standard CodeQL analysis, so its alerts warrant a manual check before being treated as confirmed findings. GitHub expects the results to improve over time.