Description
Enabling GitHub Code Scanning is like inviting a team of security researchers to review your every pull request. By configuring Code Scanning with either CodeQL or one of our static code analysis partners, you can make sure that all of your code is reviewed seamlessly for security vulnerabilities before going to production.
5:45 - demo - enable the feature
8:37 - demo - review scan results
GitHub Code Scanning goes GA
https://github.blog/2020-09-30-code-scanning-is-now-available/
Code Scanning partners
https://github.blog/2020-10-07-announcing-third-party-code-scanning-tools-infrastructure-as-code-and-container-scanning/
Code Scanning set up
https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning
Learning CodeQL
https://securitylab.github.com/tools/codeql
Justin Hutchings:
GitHub - https://github.com/jhutchings1
Twitter - https://twitter.com/jhutchings0
Sasha Rosenbaum:
GitHub - https://github.com/DivineOps
Twitter - https://twitter.com/DivineOps