GitHub launches code scanning to unearth vulnerabilities early

  • GitHub is officially launching a new code-scanning tool, designed to help developers identify vulnerabilities in their code before it’s deployed to the public.
  • The new feature is the result of an acquisition last year when GitHub snapped up San Francisco-based code analysis platform Semmle; the Microsoft-owned code-hosting platform revealed at the time that it would make Semmle’s CodeQL analysis engine available natively across all open source and enterprise repositories.
  • After several months in beta, code scanning is now rolling out to all developers.