GitHub is one of the most popular services on the Internet for hosting projects, used mainly to host the source code of computer programs. Sometimes problems arise that affect the security of users: there may be vulnerabilities that hackers exploit to carry out their attacks. In this article we cover a new tool that GitHub has launched to scan for security flaws.
GitHub launches a tool to search for security flaws
GitHub has launched a new code scanning tool that helps developers detect vulnerabilities before the application reaches production, avoiding problems that affect security.
The tool was initially announced in May, and it is now available to anyone. Any user can enable it from a public repository. It is a result of the acquisition of Semmle last year.
Semmle is a code analysis platform that lets developers write queries that identify code patterns in large code bases and search for vulnerabilities and their variants.
The code scanning tool is powered by the CodeQL code analysis engine, offered to GitHub users as a native capability. It integrates with GitHub Actions, or with your existing environment, to maximize team flexibility.
It has already detected tens of thousands of bugs
As we have indicated, this tool was announced a few months ago, and until now it has been available as a beta. During that time it has scanned more than 12,000 repositories more than 1.4 million times and found more than 20,000 security issues, including remote code execution, SQL injection, and cross-site scripting vulnerabilities.
The tool has helped developers fix 72% of security bugs before moving the application to the production environment, which prevents problems that could later affect other users.
Keep in mind that this GitHub tool is completely free for public repositories, and users can access it.
Security is a very important factor for users, so we should always take these types of tools into account to protect equipment, applications and any tool that we use. Many attacks can be present on the network, but in most cases they rely on existing vulnerabilities and flaws. Hence the importance of correcting them in time.