GitHub has launched a new initiative to improve code security, called the Security Lab. Its goal is to make collaboration between everyone with a stake in secure software, that is developers, companies and security researchers, simpler and more effective. Partners in the Security Lab include companies such as Google, Uber, Mozilla and Oracle.
In addition, CodeQL, a tool for semantic code analysis developed by Semmle, is now available free of charge for open source projects. GitHub acquired Semmle in September 2019 and announced a security initiative at the time of the acquisition.
Going forward, the lab team wants to bring together more security researchers from different companies and make it easier to coordinate their work. The lab will also host events of its own, which will be announced on Twitter. According to GitHub, there are roughly 500 developers for every security researcher.
Private areas for greater security
Closing vulnerabilities should also become easier. Developers and security researchers can discuss fixes in non-public areas called Security Advisories, so that there is enough time to close a gap before it becomes public. From within such a private advisory, developers can request a CVE number directly. All developers also receive automated security alerts tailored to the dependencies of their projects.
Another security feature is token scanning, which searches public repositories for access keys and tokens. Developers are then notified that they have published a secret key. Such a key must be treated as compromised and rotated, since the repository may already have been cloned by the time the alert arrives.
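To make token scanning concrete, the following is an added example and not GitHub's or Semmle's code: it scans a handful of constructed sample lines for known token formats and, as a fallback, for high-entropy values assigned to secret-looking variables. The token shapes, variable names and sample values are assumptions for illustration; real providers publish their own formats, and GitHub matches against provider-supplied patterns.

```python
"""Toy secret scanner illustrating the token scanning described above.

Added example, not GitHub's implementation. Patterns and sample lines are
constructed for illustration only.
"""
import math
import re
from dataclasses import dataclass
from typing import Iterable, List

# Known-prefix token formats (assumed shapes; providers publish the real ones).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[bap]-[0-9A-Za-z-]{10,}\b"),
}

# Generic fallback: a long quoted value assigned to a secret-looking variable.
GENERIC = re.compile(
    r"(?i)(secret|token|password|api_key)\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, placeholders score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class Finding:
    line_no: int
    kind: str
    value: str


def scan_lines(lines: Iterable[str], entropy_threshold: float = 3.5) -> List[Finding]:
    """Return one Finding per suspected secret; known formats take priority
    over the generic entropy heuristic so a line is not reported twice."""
    findings: List[Finding] = []
    for no, line in enumerate(lines, start=1):
        matched = False
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append(Finding(no, kind, m.group(0)))
                matched = True
        if matched:
            continue
        m = GENERIC.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append(Finding(no, "generic_high_entropy", m.group(2)))
    return findings


def redact(value: str, keep: int = 4) -> str:
    """Show only a prefix so an alert does not re-leak the secret it reports."""
    return value[:keep] + "*" * (len(value) - keep)


# Constructed sample: a config file as it might be committed by mistake.
# The AWS value is the placeholder from AWS documentation; nothing here is live.
SAMPLE_COMMIT = [
    "# config.py (constructed sample, not real credentials)",
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    'github_token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"',
    'password = "changeme"',
    'api_key = "xxxxxxxxxxxxxxxxxxxx"',
    'session_token = "q7Zp2LmN9vXr4TkW8bYs1HdF6gJc"',
]


def scan_sample() -> List[Finding]:
    return scan_lines(SAMPLE_COMMIT)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"line {f.line_no}: {f.kind} -> {redact(f.value)}")
```

The short placeholder password and the run of x's are deliberately not reported: the first is below the length floor, the second has zero entropy. That is the trade-off a real scanner makes between catching live credentials and drowning developers in alerts about dummy values.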
Going forward, the GitHub Advisory Database will also provide an overview of vulnerabilities found on and off GitHub. Users can search for CVEs there, filter by severity and ecosystem, and link directly to CVEs in comments. With the acquisition of Semmle, the company has also stepped up its efforts in the security field.