Like the idea of scanning for basic vulnerabilities, and ultimately linking to code automation. Further, would like these to be adapted to specific domain risk analysis. Have not seen this in the enterprise.
GitHub Launches Code Scanning to Unearth Vulnerabilities Early in VentureBeat, by Paul Sawers
GitHub last week launched a code-scanning tool to help developers identify flaws in code prior to its public rollout. A result of GitHub's acquisition last year of code analysis platform Semmle, the new tool is a static application security testing solution that converts code into a queryable format, then searches for vulnerability patterns. It automatically identifies flaws and errors in code revisions in real time, alerting the developer before the code approaches production. GitHub said during the scanner's beta-testing phase it scanned more than 12,000 repositories more than 1 million times, discovering 20,000 vulnerabilities; developers and maintainers corrected 72% of these errors within 30 days. ...
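The two-stage approach the article describes (lower the code into a queryable representation, then run vulnerability-pattern queries over it) is the core of any SAST engine, including the CodeQL engine GitHub got from Semmle. The following is an added toy illustration written for this post, not GitHub's or Semmle's code: it uses Python's standard `ast` module as the "database", indexes every call site by callee name, and runs two pattern queries over it. The sample program being scanned and the rule identifiers (`toy/...`) are constructed for the example.

```python
"""Toy SAST: lower Python source into a queryable call index, then query it for
shell-command injection and eval/exec code injection. Added example; not the
scanner the article describes."""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str      # hypothetical rule id, constructed for this example
    line: int
    callee: str


def _callee_name(node: ast.Call) -> str:
    """Render the called function as a dotted name, e.g. 'subprocess.run'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


class CodeDatabase:
    """The 'queryable format': every call expression, indexed by callee name."""

    def __init__(self, source: str):
        self.tree = ast.parse(source)
        self.calls = {}  # dotted callee name -> list of ast.Call nodes
        for node in ast.walk(self.tree):
            if isinstance(node, ast.Call):
                self.calls.setdefault(_callee_name(node), []).append(node)

    def calls_to(self, *names):
        for n in names:
            yield from self.calls.get(n, [])


# Sinks that hand a string to a shell, or to the Python interpreter.
SHELL_SINKS = ("os.system", "os.popen", "subprocess.run", "subprocess.call",
               "subprocess.Popen", "subprocess.check_output")
EVAL_SINKS = ("eval", "exec")


def rule_shell_injection(db: CodeDatabase):
    """Flag shell sinks whose command is not a literal. os.* always uses a
    shell; subprocess.* only when shell=True is passed explicitly."""
    for call in db.calls_to(*SHELL_SINKS):
        cmd = call.args[0] if call.args else None
        shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in call.keywords)
        name = _callee_name(call)
        if cmd is not None and not isinstance(cmd, ast.Constant) \
                and (name.startswith("os.") or shell):
            yield Finding("toy/shell-injection", call.lineno, name)


def rule_code_injection(db: CodeDatabase):
    """Flag eval/exec whose first argument is not a literal string."""
    for call in db.calls_to(*EVAL_SINKS):
        if call.args and not isinstance(call.args[0], ast.Constant):
            yield Finding("toy/code-injection", call.lineno, _callee_name(call))


def scan(source: str):
    """Build the database once, run every rule over it, order by line."""
    db = CodeDatabase(source)
    findings = list(rule_shell_injection(db)) + list(rule_code_injection(db))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample program; lines 4, 10 and 13 should be flagged, 7 and 16 not.
SAMPLE = '''\
import os, subprocess

def ping(host):
    os.system("ping -c 1 " + host)

def ls():
    subprocess.run(["ls", "-l"])

def run(cmd):
    subprocess.run(cmd, shell=True)

def calc(expr):
    return eval(expr)

def version():
    return subprocess.check_output("uname -a", shell=True)
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.rule} via {f.callee}")
```

The point of the split is that the rules never touch source text: once the database exists, adding a new vulnerability pattern is a matter of writing another query against it, and the same database can answer many queries per scan, which is what lets a production engine run hundreds of rules per revision. A real engine adds what this toy lacks, chiefly data-flow tracking from user-controlled sources to these sinks so that `subprocess.run(cmd, shell=True)` is only reported when `cmd` can actually carry attacker input.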