GitHub’s code vulnerability scanning tool now generally available

Source: https://itbrief.com.au

GitHub has recently rolled out code scanning to help developers detect and prevent vulnerabilities from popping up in their open source and enterprise code. Code scanning, which was released from beta to general availability in early October, aims to automate security directly into the developer workflow, furthering a ‘security by design’ approach to applications and coding. GitHub adds that more than half of breaches are caused by vulnerabilities in application code – and many of these vulnerabilities are recurring patterns.


GitHub envisions a world with fewer software vulnerabilities

Source: https://www.helpnetsecurity.com

“So much of the world’s development happens on GitHub that security is not just an opportunity for us, but our responsibility. To secure software at scale, we need to make a base-level impact that can drive the most change; and that starts with the code,” Grey Baker, GitHub’s Senior Director of Product Management, told Help Net Security. “Everything we’ve built previously was about responding to security incidents (dependency scanning, secret scanning, Dependabot) — reacting in real time, quickly. Our


GitHub’s Nico Waisman: ‘Security is not just an opportunity, but a responsibility for us’

Source: portswigger.net

The GitHub Security Lab was set up by the software development platform in November 2019. The lab is headed up by Nico Waisman, and its mission, first and foremost, is to improve security in open source projects. With GitHub claiming that more than 90% of enterprise software now uses at least some open source elements, the need to improve the security of the OSS ecosystem is more important than ever. And, as Waisman points out, there is an imbalance between software developers


GitHub Seeks Security Dominance With Developers

Source: forbes.com

GitHub has decided to make a play for being a one-stop shop for all things code security with a series of announcements made at its annual GitHub Universe conference. GitHub has mapped what it believes is a generally useful workflow for how various people involved in security—developers, security researchers, supply-chain partners, vulnerability database providers, etc.—work together to write and maintain secure code. It has then built features and tools, and in some cases acquired companies, to match these user needs
