GitHub Expands Code Scanning Capabilities

GitHub has announced that beta versions of code scanning and secret scanning capabilities are now freely available for all public repositories as part of GitHub Advanced Security.

According to the GitHub blog, code scanning, which utilizes the CodeQL analysis engine, is available as a GitHub-native experience. With the feature enabled, “every ‘git push’ is scanned for new potential security vulnerabilities, and results are displayed directly in your pull request.”

Secret scanning – the feature formerly known as token scanning, which has been available for public repositories since 2018 – is now available for private repositories. According to the blog, “secret scanning also watches private repositories for known secret formats and immediately notifies developers when they are found.” You can sign up through GitHub now to take advantage of these beta features.
