With this new code scanning analysis tool, developers can now scan projects written in both languages to look for common vulnerability patterns, including path injection, SQL injection, NoSQL injection, and cross-site scripting (XSS). Threat actors typically abuse these security vulnerabilities to run malicious programs on targeted machines.
GitHub users can view the new security alerts with an ‘Experimental’ label via the ‘Security’ tab of each repository. There is also an option to monitor these alerts through the pull requests tab.
Under the hood, code-scanning functionality in GitHub runs on top of CodeQL, a code analysis engine launched in 2019 to detect multiple variants of the same security threat across codebases. “To detect vulnerabilities in a repository, the CodeQL engine first builds a database that encodes a special relational representation of the code. On that database we can then execute a series of CodeQL queries, each of which is designed to find a particular type of security problem,” explained Tiferet Gazit, Senior Machine Learning Engineer at GitHub.
Keep in mind that the experimental analysis tool is still a work in progress, and GitHub users may notice a higher rate of false-positive detections. However, Microsoft noted that the accuracy of its machine learning models is expected to improve over time.