Tag: CodeQL
-
How AI enhances static application security testing (SAST)
In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security …
-
Fixing security vulnerabilities with AI
In November 2023, we announced the launch of code scanning autofix, leveraging AI to suggest fixes for security vulnerabilities in users’ …
-
The architecture of SAST tools: An explainer for developers
In today’s age of shifting left—an approach to coding that integrates security checks earlier into the software development lifecycle …
-
AppSec is harder than you think. Here’s how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. Most AppSec tools, even those that claim to be …
-
Securing our home labs: Frigate code review
At GitHub Security Lab, we are continuously analyzing open source projects in line with our goal of keeping the software ecosystem safe. …
-
Swift support brings broader mobile application security to GitHub Advanced Security
Mobile applications have become a fundamental part of everyday life, from how we work, communicate, and entertain ourselves. We rely on …
-
Manage your application security stack effectively with the tool status page
As a developer, there’s a variety of application security tools that you can use to help secure your applications. It’s not uncommon to …
-
Multi-repository enablement: effortlessly scale code scanning across your repositories
In January, we launched default setup, a new way to enable code scanning. Default setup has been a game changer, allowing you to enable …
-
Multi-repository variant analysis: a powerful new way to perform security research across GitHub
The security community identifies new vulnerabilities at an astonishing rate and helps developers all over the world secure their code. …
-
GitHub Enhances CodeQL, Extends Language Support, Available Queries, and More
After adding support for Ruby at GitHub Universe 2022, CodeQL introduced Kotlin support in beta. Additionally, support for other languages …
-
Default setup: A new way to enable GitHub code scanning
At GitHub, we want to make it easy to develop secure software. This means building security tools that provide a frictionless experience …
-
Best practices on rolling out code scanning at enterprise scale
As a Solutions Engineer at GitHub, I partner with our Enterprise customers to ensure they get the most out of GitHub. That often comes in …