Hosting service GitHub has added a new feature to automatically configure code scanning on your repositories.
This new feature, called “Default Setup”, simplifies getting started with code scanning in your repositories using Python, JavaScript, and Ruby.
“With just a few clicks, code scanning can now be enabled without a .yaml file. We will be able to protect a lot of software,” the company wrote in a blog post on Monday.
This new feature is already available in the repository's Settings tab, in the Code security and analysis section under the Security heading.
“When enabled, you’ll gain instant insight from code scanning within your code, allowing you to quickly find and fix vulnerabilities without interrupting your workflow,” writes GitHub Product Marketer Walker Chabbott.
The company also clarified that manual scanning via .yaml files is still possible, but is now under an “advanced” option that allows for customized code scanning.
“If the repository doesn’t support the default settings, the option will be greyed out,” added Chabbott.
Clicking Default on the other side shows a configuration summary that has been automatically adjusted based on the contents of the repository.
“This includes the language detected in the repository, the query pack used, and the event that triggers the scan. In the future, these options will be customizable,” explains Chabbott.
“After checking the configuration, click Enable CodeQL to automatically run a code scan on your repository. It’s that easy!”
GitHub says the new feature is part of the company’s commitment to building security tools that provide a frictionless experience for developers.
To this end, the company also began offering secret scanning and enabling Dependabot in late 2022.
In other GitHub security news, the company announced in May 2022 that it would enforce two-factor authentication (2FA) and, most recently, introduced private vulnerability reports.