Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily.

Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter
facebook linkedin X Instagram youtube

Explore

SECTIONS

MORE

search button

LATEST HEADLINES

Digital Transformation
PODCAST: The year in review and a look at the year ahead
Security
Industry predictions for 2025 part 1: How will the industry itself change in the next 12 months
Security
Interview: Deepen Desai on the evolving threat landscape and AI risks and benefits
Tech
Industry predictions for 2025 part 1: Artificial intelligence advances, risks, and uptake
Security
Texas Tech University confirms data breach impacting medical records of 1.4m patients

LATEST HEADLINES

news image
Security
5G Networks reveals takeover bid of AUCyber

The Australian digital services firm has announced an unconditional, on-market takeover bid of the struggling cyber security ...

David HollingworthFri, 20 Dec 2024
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
Cyber Daily logo
VIEW ALL

GitHub introduces automatic scanning for code vulnerabilities

GitHub has long allowed users to scan their code for vulnerabilities by using a .yaml file, but the code repository is now introducing a new default set-up mode for scanning that does away with needing an extra document.

user icon David Hollingworth
Wed, 11 Jan 2023 Companies
GitHub introduces automatic scanning for code vulnerabilities
expand image

The default set-up will scan code written in JavaScript, Ruby, and Python, with plans to rollout support for all nine code families currently supported by GitHub within the next six months. The pace of the rollout will be based on which languages are most popular.

To get the scanning set-up, users need to navigate to the “Security setting under the Settings tab, and then scroll down to ‘Code security and analysis.

This will bring up the new code scanning set-up toolbox. Clicking the Set up button will give users two options — Default sets up automatic scanning without a .yaml file, while Advanced lets you customise code scanning with a distinct .yaml file.

The default set-up currently tailors its configuration based on the code it is scanning, including what queries will be run and how they’ll trigger. GitHub’s planning to make this process more customisable in the future.

Users can then click “Enable CodeQL and scanning will automatically commence.

If the repository you’re trying to set-up doesn’t support the new default set-up, the option will not be selectable.

“Enabling default set-up is the quickest way to set up code scanning for your repository,” GitHub says in the full documentation for the new feature. “Additionally, default set-up requires none of the maintenance necessary with a CodeQL workflow file. Before you enable default set-up, you'll see the languages it will analyse, the query suites it will run, and the events that will trigger a new scan.”

It will be a supreme irony if the various threat actors who also make use of GitHub to host their own malicious code will themselves take advantage of this feature.

Cyber Daily logo
VIEW ALL

We guess we’ll never know.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA