GitHub Launches Code Scanning

GitHub's code-scanning tool helps you identify vulnerabilities in your code before it’s deployed to the public.

Recently, GitHub officially released a new code-scanning tool, designed to help developers identify vulnerabilities in their code before it’s deployed to the public.
 
Code scanning is available in public repositories, and in public and private repositories owned by organizations with a license for Advanced Security.
 
GitHub said that you can use this tool to find, triage, and prioritize fixes for existing problems in your code. Code scanning also prevents you from introducing new problems. Developers can schedule scans for specific days and times, and/or trigger scans when a specific event occurs in the repository, for example, a push.
 
Whenever code scanning detects a potential vulnerability or error in your code, GitHub displays an alert in the repository. When you are done fixing the code that triggered the alert, GitHub closes the alert.
 
To monitor code scanning results across your repositories or your organization, you can use the code scanning API.
 
GitHub said that you can make use of code scanning with CodeQL, which is a semantic code analysis engine. Since CodeQL treats code as data, it allows you to find potential vulnerabilities in your code with greater confidence than traditional static analyzers.
 
Code scanning with CodeQL supports both compiled and interpreted languages, and can find vulnerabilities and errors in code that's written in the supported languages.
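Putting the two points above together (scans triggered on push and on a schedule, analysis performed by CodeQL), here is an added example of a GitHub Actions workflow that enables CodeQL code scanning for a repository. It is not a workflow from the article or from GitHub's own documentation; the branch name, the language list and the action version tags are assumptions and should be checked against the current release of the actions before use.

```yaml
name: "CodeQL code scanning"

# Scan on every push and pull request to the main branch (assumed branch name),
# and additionally on a fixed schedule so that new queries catch older code.
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    # Weekly scan, Mondays at 03:00 UTC (minute hour day-of-month month day-of-week)
    - cron: '0 3 * * 1'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      # Required so the analysis results can be uploaded as code scanning alerts
      security-events: write
      contents: read

    strategy:
      fail-fast: false
      matrix:
        # Assumed: the repository contains JavaScript and Python code.
        # One job per language; the matrix keeps results separate per language.
        language: [ 'javascript', 'python' ]

    steps:
      - name: Check out repository
        uses: actions/checkout@v3   # version tag is an assumption

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2   # version tag is an assumption
        with:
          languages: ${{ matrix.language }}

      # For compiled languages CodeQL must observe a build; autobuild attempts
      # a default build and is a no-op for interpreted languages.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      # Runs the queries and uploads findings; alerts then appear in the
      # repository's Security tab and close once the flagged code is fixed.
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v2
```

Saving this file under `.github/workflows/` in the repository is enough to start producing alerts on the next push or scheduled run.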
 
To learn more, you can visit GitHub.