GitHub can actively look for security holes in your code

The system has already caught 20,000 security issues.


Daniel Cooper
October 1st, 2020

GitHub, the Microsoft-owned code repository, has announced something that will hopefully make all our software much more secure. The platform has, after several months of testing, now launched code scanning, a system that will read through software looking for security holes. As the code is created, the system will now scan through it, highlighting areas that could be exploited in future. The hope is that, by catching errors ahead of time, the number of security incidents we all face could be reduced.

So far, GitHub has scanned 12,000 repositories 1.4 million times, with the company’s Justin Hutchings saying that it has caught 20,000 security issues. Those included holes that would have enabled remote code execution, SQL injection and cross-site scripting, 72 percent of which were fixed within the subsequent 30 days. Given that GitHub’s public libraries can be examined, worked on and adopted by lots of other GitHub users, that’s plenty of crises averted already.
