After 4 months beta-testing, GitHub has rolled out a new source code scanning service that will find security vulnerabilities in your home-grown software or open source tools. During the testing over 20,000 security vulnerabilities were discovered across 12,000 different projects including Remote Code Execution, SQL Injection and Cross Site-Scripting (XSS) flaws.
GitHub is a Microsoft owned software repository – a place to store and manage the source code created by your developers. When a developer saves a new version of a source code file GitHub can automatically test the code for security vulnerabilities with 10 different third party scanning engines – ensuring vulnerabilities can be identified and fixed before the software is deployed onto live systems. Code scanning is turned on at the repository level and is available for public repositories and those owned by organisations who license GitHub’s Advanced Security.
Essential security tools like firewalls can protect your software from attack, and penetration testing can identify vulnerabilities in that software – and with the addition of source code scanning fewer vulnerabilities make it through to production systems in the first place for the bad guys to exploit.