GitHub now allows developers to turn on code scanning for a repository through a “default setting” option, which will help them detect potential security issues before they grow.
According to GitHub, this new feature lets developers configure the repository automatically and with as little effort as possible. It eases the work involved in scanning code in Python, JavaScript, and Ruby repositories.
Code scanning on GitHub is done using the CodeQL engine, and while it supports a wide variety of compilers, the feature is currently only available for Python, JavaScript, and Ruby. GitHub’s Walker Chabot says this will change very soon as the company looks to expand support to additional languages and will aim to have this in place by the summer.
Once “Enable CodeQL” is enabled, the feature will automatically start looking for flaws in the repository.
The official GitHub blog also says that code scanning is free for everyone, and that enterprise users can also take advantage of it through the GitHub Advanced Security for GitHub Enterprise service.