GitHub has announced that its code scanning feature is now available. The new code scanning capability scans code as it is created and provides reviews within pull requests and other GitHub experience. This automating of security helps ensure that vulnerabilities never make it to production, the company explained.
Code scanning integrates with GitHub Actions and is powered by the code analysis engine CodeQL. Developers can use the more than 2,000 CodeQL queries that have been created by GitHub and the community, or create custom queries to find and prevent security issues.
This new feature is also built on the open SARIF standard and is extensible, meaning open source and commercial security testing tools can be added to it.
According to GitHub, since the beta in May, 12,000 repositories have scanned 1.4 million times, resulting in 20,000 found security issues; developers fixed 72% of security issues; there have been 132 community contributions to CodeQL; and GitHub has partnered with over a dozen security vendors.
The solution is currently free for all public repositories.