GitHub Rolls Out New AI-Powered Code Scanning Security Alerts
With this new code scanning analysis tool, developers can now scan projects written in both languages for common vulnerability patterns, including path injection, SQL injection, NoSQL injection, and cross-site scripting (XSS). Threat actors typically abuse these security vulnerabilities to run malicious programs on targeted machines.
GitHub users can view the new security alerts with an ‘Experimental’ label via the ‘Security’ tab of each repository. There is also an option to monitor these alerts through the pull requests tab.
GitHub’s new code scanning feature works on top of CodeQL
Under the hood, code-scanning functionality in GitHub runs on top of CodeQL, a code analysis engine launched in 2019 to detect multiple variants of the same security threat across codebases. “To detect vulnerabilities in a repository, the CodeQL engine first builds a database that encodes a special relational representation of the code. On that database we can then execute a series of CodeQL queries, each of which is designed to find a particular type of security problem,” explained Tiferet Gazit, Senior Machine Learning Engineer at GitHub.
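To illustrate the query model described above, here is a small CodeQL query for JavaScript, added as an example and not GitHub's own query nor the one behind the new alerts: it follows tainted data from the library's remote-source model to the first argument of any method named `query`. It assumes the CodeQL JavaScript standard library with its legacy `TaintTracking::Configuration` API; the method name `query` and the `@id` are placeholders.

```ql
/**
 * @name Query text built from a remote value (added illustration)
 * @kind problem
 * @problem.severity warning
 * @id example/js/remote-value-reaches-query-call
 */

// Assumed: the CodeQL standard library for JavaScript and its legacy
// TaintTracking::Configuration API. The method name `query` stands in
// for whichever database client a project actually uses.
import javascript
import semmle.javascript.security.dataflow.RemoteFlowSources

class RemoteToQueryConfig extends TaintTracking::Configuration {
  RemoteToQueryConfig() { this = "RemoteToQueryConfig" }

  // Sources: values the JS library already models as attacker-controlled
  // (HTTP request parameters, headers, bodies, ...).
  override predicate isSource(DataFlow::Node node) {
    node instanceof RemoteFlowSource
  }

  // Sinks: the first argument of any method call named `query`,
  // i.e. the text that will be sent to the database.
  override predicate isSink(DataFlow::Node node) {
    exists(DataFlow::MethodCallNode call |
      call.getMethodName() = "query" and
      node = call.getArgument(0)
    )
  }
}

// Each (source, sink) pair with a taint path between them becomes one alert;
// the $@ placeholder links the message back to the source location.
from RemoteToQueryConfig cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select sink, "Query text depends on a remote value from $@.", source, "this source"
```

The query runs against a CodeQL database built from the repository, which is the relational representation Gazit describes; a parameterised call whose first argument is a constant string never matches, because no remote value flows into it.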
Keep in mind that the experimental analysis tool is still a work in progress, and GitHub users may notice a higher false-positive rate. However, Microsoft noted that the accuracy of its machine learning models is expected to improve over time.