GitHub launches code scanning scheme for security vulnerabilities
The feature is now in public beta for the two abovementioned programming languages.
More secure code
If the submitted code has any of the abovementioned vulnerabilities, an alert will show up in the repository’s Security tab. These alerts will have an “Experimental” label, and will also be available via the pull requests tab.
Obviously, that doesn’t mean developers should stop hunting for flaws, as many will probably still make it past the scanner, and end up being abused on vulnerable endpoints.
GitHub has been hard at work lately as it looks to automate as much work as possible for its users. Besides automating flaw detection, it added a feature that will pretty much write the code for you, as well as one to help developers search through their code easier.
The writing system, called GitHub Copilot, has been trained on billions of lines of code available in public repositories, including those on GitHub. Microsoft and GitHub developed Copilot together with OpenAI, an AI research startup that Microsoft has been investing in since 2019.