source link: https://github.blog/2023-12-13-default-setup-now-includes-scheduled-scans-and-supports-all-languages-covered-by-codeql/
Default setup now includes scheduled scans and supports all languages covered by CodeQL
We’ve added new improvements to default setup, including automatically scheduling scans on repositories and support for all CodeQL covered languages.
This year, we’ve made a number of improvements focused on simplifying the enablement process for code scanning. We started back in January with the release of default setup, which allows you to automatically enable code scanning on a repository in just a few clicks.
We then gave you the ability to rapidly scale code scanning through multi-repository enablement, allowing you to use default setup on groups of repositories or your entire organization at once. Now, we’re giving you even more flexibility in how you can use default setup, whether it’s at the org level or just on your own personal repository.
Default setup will now automatically set up scheduled scans, and we’ve expanded language coverage to all CodeQL supported languages.
Scheduled scanning keeps you continuously secure
Scheduled scans have always been a feature of code scanning, allowing scans to be run automatically on a fixed schedule. Running on a regular cadence helps keep your repositories continuously secure, because newly introduced vulnerabilities are found and can be fixed. Default setup will now automatically schedule scans on a weekly basis, ensuring you’re seeing accurate and up-to-date alerts on your repositories.
Default setup now supports all CodeQL supported languages
CodeQL natively supports C, C++, JavaScript, TypeScript, Python, Ruby, Go, Kotlin/Java, Swift, and C#. Now, you can use default setup on any repository that uses a CodeQL-supported language. If a language fails, it will be automatically deselected from the configuration. The analysis and any alerts from the successful languages will still be available.
This will ensure that default setup uses the best configuration for your repository, no matter what language(s) you’re using. With auto-deselecting you’ll have peace of mind, knowing that default setup can troubleshoot itself if any issues are encountered during the setup process. Default setup will also automatically evolve its configuration to include any new languages you add to your repository. If the new language fails, the previous configuration will be resumed, without you having to prompt it.
Learn more about GitHub security solutions
GitHub is committed to helping build safer and more secure software without compromising on the developer experience. To learn more or enable GitHub’s security features in repositories, check out the getting started guide.