GitHub can actively look for security holes in your code

The system has already caught 20,000 security issues.


GitHub, the Microsoft-owned code repository, has announced something that will hopefully make all our software much more secure. The platform has, after several months of testing, now launched code scanning, a system that will read through software looking for security holes. As the code is created, the system will now scan through it, highlighting areas that could be exploited in future. The hope is that, by catching errors ahead of time, the number of security incidents we all face could be reduced.

So far, GitHub has scanned 12,000 repositories 1.4 million times, with the company’s Justin Hutchings saying that it’s caught 20,000 security issues. Those included holes that would have enabled remote code execution, SQL injection and cross-site scripting, 72 percent of which were fixed in the subsequent 30 days. Given that GitHub’s public libraries can be examined, worked on and adopted by lots of other GitHub users, that’s plenty of crises averted already.