GitHub offers new 'default setup' option for code scanning


GitHub has a new setup option for code scanning called ‘default setup,’ which would allow developers to enable code scanning on their repositories automatically.

GitHub CodeQL default configuration window with Enable CodeQL option

“Default setup simplifies getting started with code scanning on Python, JavaScript, and Ruby repositories,” explains Walker Chabbott, a product marketing manager at GitHub, in the blog post announcing the option. “You can now enable code scanning in just a few clicks and without using a .yaml file, helping open source developers and enterprises streamline code scanning setup so they can secure more of their software. Once enabled, you’ll immediately start getting insights from code scanning in your code to help you find and fix vulnerabilities quickly without disrupting your workflow.”

The option can be accessed in the “Settings” tab of the repository. Under the “Security” heading is the “Code security and analysis” section, which contains the new code scanning setup box. Users need to select the “Set up” button and choose the “Default” option.

“When you click on ‘Default,’ you’ll automatically see a tailored configuration summary based on the contents of the repository,” adds Chabbott. “This includes the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable.”

After reviewing the CodeQL default configuration, users simply need to click the “Enable CodeQL” option to finalize the setting, allowing code scanning to run on the repository automatically.

Currently, default setup is only available for Python, JavaScript, and Ruby repositories, but GitHub plans to expand the option to more languages in the coming months.

“We are working hard to make this experience available for all languages supported by the CodeQL analysis engine,” says Chabbott. “We will continue rolling out support for new languages based on popularity and build complexity over the next six months.”
