Thursday, October 1, 2020 – 20:19 ksa
The world's largest hosting platform for IT projects has launched a free software bug-finding tool
GitHub has opened its source-code scanning service, which searches for potential bugs, to all users of the platform. Until now the CodeQL-based tool, trusted by security teams at Google, Microsoft, NASA and Uber, was available only to beta-test participants.
The CodeQL-based code analyzer goes public on GitHub
GitHub, the world's largest hosting platform for IT projects, has released a free tool for finding bugs in software source code. It has been generally available to everyone since 30 September 2020. This was announced on the company's official blog by Justin Hutchings, Senior Product Manager at GitHub.
The tool, called code scanning, is powered by the CodeQL semantic code analysis engine. The engine was developed by Semmle, which GitHub acquired in 2019. According to GitHub CEO Nat Friedman, CodeQL is the most effective platform of its kind, and it is used by security teams at Google, Microsoft, NASA and Uber.
The service automatically scans every pull request against a set of pre-written queries. Each query encodes a typical programmer error or a known vulnerability pattern, so a match is reported while the change is still under review rather than after it has been merged. More than 2,000 such queries currently ship with the tool, and users can add their own.
The tool is free of charge for public repositories. Scanning of private (closed) repositories is available as part of GitHub Advanced Security, the expanded set of security features that the company offers to paying GitHub Enterprise customers.
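As an added illustration (not part of the original article), this is the kind of GitHub Actions workflow a repository uses to turn on code scanning so that every pull request is analyzed with CodeQL. It assumes the project is written in JavaScript and that its default branch is named main; the workflow file name and the use of the optional security-extended query suite are choices of this example, not requirements of the tool.

```yaml
# .github/workflows/codeql-analysis.yml  (file name is arbitrary; this one is assumed)
name: "CodeQL"

on:
  push:
    branches: [ main ]          # assumed default branch
  pull_request:
    branches: [ main ]          # scan every pull request targeting main

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        # Assumed project language. CodeQL also supports cpp, csharp, go, java and python;
        # add them to this list to get one analysis job per language.
        language: [ 'javascript' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
          # Run the broader security query suite on top of the default queries.
          # Custom .ql files or query packs can be listed here as well.
          queries: security-extended

      # Builds the project so CodeQL can observe compiled languages;
      # for JavaScript this step is effectively a no-op.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
```

Once this workflow is committed, findings appear as code-scanning alerts on the pull request that introduced them. For a private repository the same workflow only runs if the organisation has the paid security features enabled.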
As a reminder, GitHub announced changes to its pricing structure in January 2019. Users on the free GitHub Free plan could create any number of private repositories, but each could have at most three collaborators. The Enterprise Cloud and Enterprise Server offerings were merged into a single GitHub Enterprise package, aimed at organisations and priced according to the number of users.
First results of using the tool
Code scanning was released as a beta on GitHub in May 2020. According to GitHub, during the beta more than 12,000 repositories were scanned over 1.4 million times and more than 20,000 security issues were found, including remote code execution, SQL injection and cross-site scripting (XSS) vulnerabilities.
Moreover, 72% of the issues identified at the pull-request review stage were fixed by developers within 30 days. GitHub considers this a very good result, especially given that the industry-wide figure is below 30%.
A few words about Github
GitHub is the world's leading hosting and collaboration platform for open-source software. More than 28 million developers use the platform, and over 80 million repositories are hosted there.
More than 1.5 million organisations, including the largest corporations such as Apple, Amazon and Google, use the service. Microsoft is itself one of the largest contributors on the platform: by number of contributing developers, its VS Code repository is the leading project on GitHub.
The first reports of Microsoft's plans to buy GitHub appeared online in 2016, but the company's management repeatedly denied them, stressing that GitHub would remain independent and would not sell itself to anyone.
However, in June 2018 Microsoft publicly announced the acquisition of the service. The deal was worth $7.5 billion. The new division within Microsoft was headed by Nat Friedman, a corporate vice president of the Redmond company.
In September 2019 GitHub announced the acquisition of Semmle, a start-up headquartered in California and founded in 2006 as a spin-out of Oxford University. The parties did not disclose the value or terms of the deal; according to TechCrunch, the company had raised $31 million before the acquisition.
In April 2020 GitHub cut the prices of its paid plans and made private repositories free for everyone, with no limit on the number of developers who can collaborate on them.