GitHub Rolls Out New AI-Powered Code Scanning Security Alerts
With this new code scanning analysis tool, developers can now scan projects written in both languages for common vulnerability patterns, including path injection, SQL injection, NoSQL injection, and cross-site scripting (XSS). Threat actors typically abuse these classes of vulnerability to run malicious code on targeted machines.
GitHub users can view the new security alerts with an ‘Experimental’ label via the ‘Security’ tab of each repository. There is also an option to monitor these alerts through the pull requests tab.
GitHub’s new code scanning feature works on top of CodeQL
Under the hood, code-scanning functionality in GitHub runs on top of CodeQL, a code analysis engine launched in 2019 to detect multiple variants of the same security threat across codebases. “To detect vulnerabilities in a repository, the CodeQL engine first builds a database that encodes a special relational representation of the code. On that database we can then execute a series of CodeQL queries, each of which is designed to find a particular type of security problem,” explained Tiferet Gazit, Senior Machine Learning Engineer at GitHub.
Keep in mind that the experimental analysis tool is still a work in progress, and GitHub users may notice a higher false-positive detection rate. However, Microsoft noted that the accuracy of its machine learning models is expected to improve over time.