GitHub last week made its code-scanning tool, previously in beta, available to all users; it helps developers identify security flaws in their code before that code is released.
The tool grew out of GitHub's acquisition last year of the code-analysis platform Semmle, whose CodeQL engine it uses. It is a static application security testing (SAST) solution: it compiles the code into a queryable database, then runs queries that search that database for known vulnerability patterns.
Scans run automatically on each push and pull request, and the resulting alerts are shown on the pull request so that the developer sees the flaw before the code is merged and reaches production.
During the beta, GitHub said, the scanner ran more than 1 million times across more than 12,000 repositories and surfaced more than 20,000 security issues; developers and maintainers fixed 72% of those reported in pull requests within 30 days.
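To show what "searching a queryable database for a vulnerability pattern" means in practice, here is a CodeQL query written for this abstract as an added example; it is not a query from GitHub's or Semmle's own query packs. It is written against the CodeQL Python library and tracks tainted data from an HTTP request parameter (a remote flow source) to the command string handed to subprocess.call. The query id, name and the configuration class name are assumptions made for the example; the library predicates used (RemoteFlowSource, TaintTracking::Configuration, the API graph for subprocess) are the standard ones.

```ql
/**
 * @name Untrusted input reaches subprocess.call (example query)
 * @description Tracks data from an HTTP request parameter to the
 *              first argument of subprocess.call, which may be a
 *              command injection if shell=True or the string is
 *              later split into a command.
 * @kind path-problem
 * @problem.severity error
 * @id example/py/untrusted-input-to-subprocess
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
import semmle.python.ApiGraphs
import DataFlow::PathGraph

// A taint-tracking configuration is the "pattern": it names where
// untrusted data enters (sources) and where it must not arrive (sinks).
// The class name is an assumption chosen for this example.
class UntrustedToSubprocessConfig extends TaintTracking::Configuration {
  UntrustedToSubprocessConfig() { this = "UntrustedToSubprocessConfig" }

  // Sources: anything the library models as remote user input
  // (Flask/Django request parameters, headers, bodies, ...).
  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource
  }

  // Sinks: the first positional argument of any call to subprocess.call,
  // resolved through the API graph so aliases and "from subprocess import call"
  // are handled too.
  override predicate isSink(DataFlow::Node sink) {
    sink = API::moduleImport("subprocess").getMember("call").getACall().getArg(0)
  }
}

// Every source->sink path the configuration finds becomes one alert,
// with the full path so the reviewer can follow the data through the code.
from
  UntrustedToSubprocessConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
  "Command passed to subprocess.call is built from $@.", source.getNode(),
  "untrusted input"
```

Because the query runs over the extracted database rather than the text of the source files, it finds the flow even when the request parameter is copied through several variables or helper functions before reaching the call; a regex-based grep for "subprocess.call" would only flag the call site with no evidence of where the data came from.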
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA