Skip to main content

GitHub can now squash even more code bugs before release

(Image credit: Pixabay)

GitHub has announced that 10 new third-party tools have been made available for use with its recently released code scanning feature. This means more developers will be able to remove security vulnerabilities and other faults before they are committed to code.

Code scanning was announced at the end of September as a developer-first, GitHub-native approach to reducing the number of vulnerabilities that reach the production stage. Developers are freed up to focus on writing their most creative and beautiful lines of code, while GitHub’s CodeQL static scanning engine automatically runs actionable security rules.

Scanning occurs as new code is created and integrates with GitHub Actions or your existing CI/CD environment to provide maximum flexibility for developers.

Welcome to the party

The code scanning feature has been an early success, identifying some 20,000 security issues since its beta launch in May. The addition of 10 new third-party tools will provide added customisation options for developers, while still allowing them to use their preferred  GitHub tools and continue enjoying a single-user experience.

“Today, we’re happy to introduce 10 new third-party tools available with GitHub code scanning,” Jose Palafox, a senior business development manager at GitHub confirmed in a blog post. “These open source projects and static application security testing (SAST) solutions bring a wide array of additional security tools directly into the developer workflow, ensuring that vulnerabilities can be identified and fixed before they are committed to the code base.”

Among the ten new tools are Checkmarx, the leading software security solution for enterprise software development, and Codacy, which provides static analysis, cyclomatic complexity, duplication and code unit test coverage changes for every commit and pull request. The remaining new tools consist of CodeScan, DefenseCode ThunderScan, Fortify on Demand, Muse, Secure Code Warrior, Synopsys Intelligent Security Scan, Veracode Static Analysis, and Xanitizer.

The third-party scanning tools are available from the GitHub Marketplace now.