GitHub has launched a machine learning-powered code scanning analysis feature to help find common security vulnerabilities before code moves to production. The scanner detects patterns such as cross-site scripting (XSS), path injection, NoSQL injection and SQL injection. The feature is now available in public beta.
“Together, these four vulnerability types account for many of the recent vulnerabilities (CVEs) in the JavaScript/TypeScript ecosystem, and improving code scanning’s ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code,” according to the official blog.
GitHub’s code scanner uses the CodeQL analysis engine. The open source queries are written by members of the community and GitHub security experts. If any vulnerabilities are flagged, an alert pops up in the Security tab. The alerts will have an ‘Experimental’ label, and will also be shown in the Pull Requests tab.
The new experimental analysis can have a higher false-positive rate than standard CodeQL analysis, but the results are expected to improve over time.