22/02/2022
GitHub has launched a beta of a Code Scanning feature backed by machine-learning models. The feature scans source code and flags common classes of vulnerabilities. For now it only works in repositories containing JavaScript and TypeScript code.
According to the company, the new queries can detect bugs that lead to cross-site scripting (XSS), path injection (path traversal), and SQL and NoSQL injection. The feature is built on GitHub's CodeQL engine. Analysis runs on every push, and the findings are reported on the corresponding pull request.
The experimental queries are enabled by default for repositories that use the security-extended or security-and-quality CodeQL query suites. The feature can also be turned on manually.
The findings appear in the repository's Security tab. GitHub stresses that every alert produced by the experimental queries is clearly marked with an "Experimental" label, so it can be triaged separately from the established CodeQL results.
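For reference, this is what a CodeQL workflow that selects the security-extended suite looks like. It is an added illustration, not a configuration taken from the article or from GitHub's announcement; the workflow file name, branch name, and action version tags are assumptions, and the `queries` input is the documented CodeQL action option for choosing a suite.

```yaml
# .github/workflows/codeql.yml  (assumed file name)
name: CodeQL

# Run on every push and on pull requests, matching the trigger described above.
on:
  push:
    branches: [ main ]        # assumed branch name
  pull_request:
    branches: [ main ]

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # required to upload alerts to the Security tab
      contents: read

    steps:
      - uses: actions/checkout@v3          # version tag is an assumption

      - uses: github/codeql-action/init@v2 # version tag is an assumption
        with:
          # "javascript" covers both JavaScript and TypeScript sources.
          languages: javascript
          # Pick the suite that includes the experimental queries.
          # Either "security-extended" or "security-and-quality" works here;
          # prefix with "+" (e.g. "+security-extended") to keep the default
          # queries in addition to the suite.
          queries: security-extended

      - uses: github/codeql-action/analyze@v2
```

Once this workflow runs, alerts from the experimental queries show up in the Security tab alongside the standard CodeQL results, distinguished by the "Experimental" label.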
Separately, GitHub last week added native support for Mermaid.js, the text-based diagramming tool. Fenced code blocks tagged `mermaid` in README files are now rendered as diagrams automatically.