GitHub will make it possible to automatically scan certain repositories for vulnerabilities. With "default setup", programmers can see directly in Python, JavaScript, and Ruby repos whether there are potential vulnerabilities in their code.
According to GitHub, the default setup makes it possible to enable automatic code scanning without having to set it up afterwards for each repo via a yaml config file. The feature is immediately available from the settings menu, where code scanning and other code analyses can also be enabled.
The new option lets users extend the CodeQL analysis GitHub already provides to a "default" mode. This means that all public user repos are analyzed directly with CodeQL's own default analysis. It remains possible to change the settings via yaml.
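For readers who want to see what the yaml-based setup the article contrasts with looks like, the workflow below is an added example, not code from the article or from GitHub's documentation. It uses the publicly documented `github/codeql-action` steps; the branch name, schedule, and the choice to add the `security-extended` query suite are assumptions made here to show the kind of setting the default setup does not expose.

```yaml
# Added example (assumed values): .github/workflows/codeql.yml
# Runs CodeQL on every push and pull request to the assumed "main" branch,
# plus a weekly scheduled scan so newly published queries reach old code.
name: "CodeQL"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '30 2 * * 1'   # Mondays 02:30 UTC (assumed schedule)

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # needed to upload results to the Security tab
      actions: read
      contents: read
    strategy:
      fail-fast: false
      matrix:
        # the three languages the article says default setup supports today
        language: [ 'python', 'javascript', 'ruby' ]
    steps:
      - uses: actions/checkout@v3

      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # a setting only reachable through yaml: a broader query suite
          queries: security-extended

      - uses: github/codeql-action/analyze@v2
```

Keeping a file like this in the repository is what the article means by configuring each repo "afterwards"; the default setup option replaces it with a switch in the settings menu, at the cost of not being able to tune items such as the query suite or the schedule.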
At the moment, the feature can only be used with Python, JavaScript, and Ruby. In the future, GitHub plans to add all other languages that CodeQL also supports. That will happen in the next six months, depending on the popularity of the programming language and how easy it is to port the feature to those languages, GitHub writes.
The feature is free to use for all public repositories, but private repos require a GitHub Advanced Security or Enterprise package.
GitHub implemented CodeQL analysis in 2019 after the platform acquired Semmle. A year later, code scanning became generally available for all public repositories. GitHub recently released a feature called Dependabot that examines repositories for codes and keys.