GitHub offers new 'default setup' option for code scanning

GitHub has a new setup option for code scanning called ‘default setup,’ which would allow developers to enable code scanning on their repositories automatically.

“Default setup simplifies getting started with code scanning on Python, JavaScript, and Ruby repositories,” explains Walker Chabbott, a product marketing manager at GitHub, in the blog post announcing the option. “You can now enable code scanning in just a few clicks and without using a .yaml file, helping open source developers and enterprises streamline code scanning setup so they can secure more of their software. Once enabled, you’ll immediately start getting insights from code scanning in your code to help you find and fix vulnerabilities quickly without disrupting your workflow.”

The option can be accessed in the “Settings” tab of the repo. Under the “Security” heading is the “Code security and analysis” section, which contains the new code scanning setup toolbox. Users need to select the “Set up” button and proceed to the “Default” option.

“When you click on ‘Default,’ you’ll automatically see a tailored configuration summary based on the contents of the repository,” adds Chabbott. “This includes the languages detected in the repository, the query packs that will be used, and the events that will trigger scans. In the future, these options will be customizable.”

After reviewing the CodeQL default configuration, users simply need to click the “Enable CodeQL” option to finalize the setting, allowing code scanning to run on the repository automatically.

Currently, it is only available to Python, JavaScript, and Ruby repositories, but there is a plan to expand the option to more languages in the coming months.

“We are working hard to make this experience available for all languages supported by the CodeQL analysis engine,” says Chabbott. “We will continue rolling out support for new languages based on popularity and build complexity over the next six months.”