GitHub revealed on Wednesday two new security features designed to help developers find bugs and hidden secrets in their code.
At its Satellite virtual conference, the company unveiled several new products, including ones designed to help customers write and access more secure code.
Both new security features, code scanning and secret scanning, are currently available in beta. GitHub says code scanning lets developers find possible vulnerabilities in any “git push,” with findings shown directly in their pull requests.
The code scanning feature is built on the CodeQL software analysis engine. CodeQL has been offered free to open source projects as part of a program GitHub announced last year, and the company says the new code scanning feature will also be free for open source projects.
Secret scanning helps users locate potentially sensitive data in code, such as tokens, encryption keys and user credentials. The feature has been available for public repositories since 2018, and GitHub has been partnering with organizations such as AWS, Microsoft, Facebook, Stripe, Twilio and npm to broaden coverage. GitHub says secret scanning is now also available for private repositories.
“Code scanning and secret scanning are available free of charge for all public repositories and are available as part of GitHub Advanced Security,” GitHub said.
GitHub also announced Private Instances on Wednesday, an upcoming option for corporate customers.
“Private Instances offers enhanced security, enforcement and policy functionality, including key-encryption, backup archiving, and enforcement with regional data sovereignty requirements,” the company said.