Valuable tool from GitHub:
Code scanning, which is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning.
Code scanning helps you prevent security issues in code.
Exciting results so far!
• Since introducing the beta in May, we’ve seen tremendous adoption within the community:
We’ve scanned over 12,000 repositories 1.4 million times, and found more than 20,000 security issues including remote code execution (RCE), SQL injection, and cross site scripting (XSS) vulnerabilities.
• Developers and maintainers fixed 72% of reported security errors identified in their pull requests before merging in the last 30 days. We’re proud to see this impact, given industry data shows that less than 30% of all flaws are fixed one month after discovery.
• We’ve had 132 community contributions to CodeQL’s open sourced query set.
• We’ve partnered with more than a dozen open source and commercial security vendors to allow developers to run CodeQL and industry leading solutions for SAST, container scanning, and infrastructure as code validation side-by-side in GitHub’s native code scanning experience.
https://github.blog/2020-09-30-code-scanning-is-now-available/
