#codeql

from InfoQ
2 weeks ago

LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning

LinkedIn has redesigned its static application security testing (SAST) pipeline to provide consistent, enforceable code scanning across a GitHub-based, multi-repository development environment. The initiative grew out of the company's shift-left strategy: delivering fast, reliable, and actionable security feedback directly in pull requests, strengthening the security of LinkedIn's code and infrastructure, and helping protect members and customers.
Information security
Information security
from scikit-learn Blog
6 months ago

scikit-learn Completes the GitHub Secure Open Source Training

scikit-learn participated in GitHub Secure Open Source Fund Cohort 2, receiving a three-week security training with public resources on CodeQL, secure development, and fuzz testing.
Artificial intelligence
from InfoQ
8 months ago

GitHub Unveils Prototype AI Agent for Autonomous Bug Fixing

GitHub's new AI agent autonomously fixes bugs and proposes code changes, shifting from developer assistance to autonomous code maintenance.