GitHub today launched the GitHub Security Lab, an ongoing effort to protect open source projects. The Security Lab aims to bring together security researchers from partner organizations such as Google, Microsoft, Mozilla, Oracle, Uber, and HackerOne.
Many open source projects form the underlying infrastructure of modern software: programming languages like Ruby and Python, machine learning frameworks like TensorFlow, Kubernetes for container orchestration, and Microsoft's Visual Studio Code, the most popular open source repository on GitHub.
To power the GitHub Security Lab, GitHub is open-sourcing CodeQL, the variant analysis engine from Semmle, a company it acquired in September to help GitHub better spot vulnerabilities in code. Semmle's security software is used by companies like Google, Microsoft, and NASA. GitHub says it has used the CodeQL semantic code analysis engine, driven by custom queries, to find over 100 vulnerabilities in popular open source projects.
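To illustrate what "variant analysis with custom queries" means in practice, here is a short CodeQL query written for this article; it is an added example, not one of GitHub's or Semmle's own queries. It uses the public CodeQL Python library and assumes the classic AST classes (`Call`, `Name`, `StrConst`) as documented for that library. The idea of variant analysis is that once one bug of a given shape is found, a query captures the shape and finds every other instance of it across a codebase.

```ql
/**
 * @name Dynamic eval() argument
 * @description Finds calls to the built-in eval() whose first argument
 *              is not a string literal, i.e. every variant of the
 *              "attacker-influenced data reaches eval" bug shape.
 * @kind problem
 * @problem.severity warning
 * @id example/python/dynamic-eval
 */
import python

from Call call, Name callee
where
  // The callee expression is a bare name ...
  call.getFunc() = callee and
  // ... referring to the built-in eval
  callee.getId() = "eval" and
  // Literal strings are harmless; anything else is a variant worth review
  not call.getArg(0) instanceof StrConst
select call, "Call to eval() with a non-literal argument."
```

Run with the CodeQL CLI against a database built from the target project (`codeql database create` followed by `codeql database analyze`); each result is one variant of the pattern, which a researcher can then triage for exploitability.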
To let researchers work with maintainers in a private space, and to give security researchers a way to request Common Vulnerabilities and Exposures (CVE) identifiers, GitHub also launched Security Advisories. Once published, advisories are sent to affected projects and stored in the GitHub Advisory Database and the Security Advisory API.
GitHub also announced today that its token scanning will now detect credentials issued by new partners like Tencent.
The news comes on day two of the GitHub Universe developer conference at the Palace of Fine Arts in San Francisco. The code hosting and collaboration platform is now used by over 40 million developers worldwide and stores 100 million code repositories. On day one, GitHub launched a range of upgrades and an iOS mobile app; an Android app will launch in 2020. CEO Nat Friedman predicts that more than half of GitHub activity will take place on a smartphone within five years.
GitHub also launched the Arctic Code Vault, an initiative to preserve open source code for thousands of years in Norwegian permafrost; made GitHub Actions and GitHub Packages generally available; and made semantic code search available for Python, Go, and Ruby repositories.