Semmle: GitHub’s repository code scanning security feature exiting beta


Published on:

The Microsoft subsidiary, GitHub as announced the implementation of a code scanning system, Semmle, to improve repository security.

A year ago, GitHub welcomed Semmle to easily find security vulnerabilities before they reach production. Since then, they have been working to bring the code analysis capabilities of their CodeQL technology to GitHub users as a native capability. 

The first beta version was released in May thanks to thousands of community developers who tested it and provided feedback, and the system is now widely available. Recently GitHub also released CLI 1.0 tool to bring almost the entire GitHub workflow into the terminal.

As we already mentioned, code scanning is powered by CodeQL, the world’s most powerful code analysis engine. Developers can use the 2,000+ CodeQL queries created by GitHub and the community or create custom queries to easily find and prevent new security issues.

Semmle can be activated in all public repositories. If the code scanning feature is activated, as the code is created, the system will scan it and highlight areas that could be exploited in the future. The hope is that by catching bugs early, the number of security incidents facing the global industry can be reduced.

The code scanning feature checks every pull request and every commit for known security holes. The function is intended to help prevent these gaps from entering production. If weak points are discovered, the feature requests the developers involved in the repo in so-called security reviews to revise their code accordingly — until the Semmle does not find any further weak points.

You can configure the code scanning function via the security tab of each of your public repositories. You can read more, in-depth details and user reports in the official blog post for the release on the GitHub blog.

Sabarinath is the founder and chief-editor of Code and Hack. With an unwavering passion for all things futuristic tech, open source, and coding, he delves into the world of emerging technologies and shares his expertise through captivating articles and in-depth guides. Sabarinath's unique ability to simplify complex concepts makes his writing accessible and engaging for coding newbies, empowering them to embark on their coding journey with confidence. With a wealth of knowledge and experience, Sabarinath is dedicated to providing valuable insights, staying at the forefront of technological advancements, and inspiring readers to explore the limitless possibilities of the digital realm.

Related Posts:

Leave a Reply

Please enter your comment!
Please enter your name here