GitHub on Wednesday announced two new security features designed to help developers identify vulnerabilities and potential secrets in their code. The
GitHub on Wednesday announced two new security features designed to help developers identify vulnerabilities and potential secrets in their code.
The company announced several new products at its Satellite virtual conference, including ones aimed at helping customers write and consume more secure code.
These new security features, code scanning and secret scanning, are currently in beta. GitHub says code scanning helps developers identify potential vulnerabilities in every “git push,” with results being displayed directly in their pull requests.
The code scanning feature leverages the CodeQL code analysis engine. CodeQL has been offered for free to open source projects as part of an initiative announced by GitHub last year, and the company says the new code scanning feature will be free as well for open source software.
As for secret scanning, the feature allows users to find potentially sensitive data in code, such as tokens, encryption keys and user credentials. The feature has been available for public repositories since 2018 and GitHub has been working with companies such as AWS, Microsoft, Google, Stripe, Twilio and npm to expand coverage. GitHub says secret scanning is now also available for private repositories.
“Code scanning and secret scanning are available for free for all public repositories, and available as part of GitHub Advanced Security,” GitHub said.
GitHub on Wednesday also unveiled Private Instances, an upcoming feature for enterprise customers.
“Private Instances provides enhanced security, compliance, and policy features including bring-your-own-key encryption, backup archiving, and compliance with regional data sovereignty requirements,” the company explained.