GitHub Shifts Left on Security with Its SARIF Compatibility

SARIF stands for Static Analysis Results Interchange Format. It is a JSON-based OASIS standard that describes the output of static analysis tools (the rules a tool ran, the results it found, and where in the code each result sits); it does not detect vulnerabilities itself, it gives every tool a common way to report them. SARIF 2.1.0, the version GitHub code scanning accepts, was approved as an OASIS Standard in 2020. Since then, public-sector organizations and large vendors such as Microsoft, where the format originated, have adopted SARIF so that users of static code analysis can view results from different tools in one place.

As the home of open source, with more than 50 million users, GitHub has boosted its security capabilities with the recent launch of its code scanning feature. Built for open source and enterprise developers, code scanning runs GitHub's own CodeQL analysis and also ingests SARIF produced by other tools, so developers can see results from any SARIF-emitting scanner directly on the GitHub platform without leaving it.

CodeScan’s New Action

Because code scanning accepts SARIF, it is extensible: any third-party tool that writes its results in SARIF, such as CodeScan, can publish them into GitHub. For GitHub users who also develop on the Salesforce platform, CodeScan now has a new Action on the GitHub Marketplace. Called the CodeScan Scanner, this Action runs CodeScan's analysis in the repository's GitHub workflow and reports findings on pull requests as code scanning alerts. No new windows, tabs, or logins are necessary.
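To make the interchange concrete, the following Python script is an added example, not CodeScan's or GitHub's own code: it converts a list of constructed scanner findings into a SARIF 2.1.0 log with the fields GitHub code scanning documents as required (version, tool.driver.name, results[].ruleId, results[].message.text and a physical location with a uri), and checks a log for those fields before upload. The tool name, rule ids, file paths and messages are made up for illustration; a real scanner would substitute its own. The output file is what a workflow would hand to the github/codeql-action/upload-sarif action through its sarif_file input.

```python
"""Build and sanity-check a minimal SARIF 2.1.0 log for GitHub code scanning.

Added example: the findings below are constructed, and the tool name and
rule ids are hypothetical. Only the SARIF structure itself is real.
"""
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
SARIF_VERSION = "2.1.0"

# SARIF result levels; GitHub maps these onto alert severities.
SEVERITY_TO_LEVEL = {"high": "error", "medium": "warning", "low": "note"}

# Constructed sample findings in the shape a hypothetical Apex scanner might emit.
SAMPLE_FINDINGS = [
    {"rule": "apex-soql-injection",
     "file": "force-app/main/default/classes/AccountCtrl.cls", "line": 42,
     "severity": "high",
     "text": "User-controlled input is concatenated into a SOQL query."},
    {"rule": "apex-hardcoded-credential",
     "file": "force-app/main/default/classes/Auth.cls", "line": 7,
     "severity": "medium",
     "text": "Credential literal hard-coded in source."},
]


def to_sarif(findings, tool_name="example-scanner", tool_version="0.1"):
    """Return a SARIF 2.1.0 log (as a dict) for the given findings."""
    rules = {}
    results = []
    for f in findings:
        # Each distinct rule id becomes a reportingDescriptor in tool.driver.rules.
        rules.setdefault(f["rule"], {"id": f["rule"],
                                     "shortDescription": {"text": f["rule"]}})
        results.append({
            "ruleId": f["rule"],
            "level": SEVERITY_TO_LEVEL.get(f["severity"], "warning"),
            "message": {"text": f["text"]},
            "locations": [{"physicalLocation": {
                # %SRCROOT% tells GitHub the uri is relative to the repository root.
                "artifactLocation": {"uri": f["file"], "uriBaseId": "%SRCROOT%"},
                "region": {"startLine": f["line"]},
            }}],
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": SARIF_VERSION,
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def check_sarif(log):
    """Return a list of problems; an empty list means the required fields are present."""
    problems = []
    if log.get("version") != SARIF_VERSION:
        problems.append("version must be '2.1.0'")
    runs = log.get("runs")
    if not isinstance(runs, list) or not runs:
        return problems + ["runs must be a non-empty list"]
    for i, run in enumerate(runs):
        driver = run.get("tool", {}).get("driver", {})
        if not driver.get("name"):
            problems.append(f"runs[{i}].tool.driver.name missing")
        rule_ids = {r.get("id") for r in driver.get("rules", [])}
        for j, res in enumerate(run.get("results", [])):
            prefix = f"runs[{i}].results[{j}]"
            if "text" not in res.get("message", {}):
                problems.append(f"{prefix}.message.text missing")
            if res.get("ruleId") not in rule_ids:
                problems.append(f"{prefix}.ruleId {res.get('ruleId')!r} not declared in rules")
            locs = res.get("locations", [])
            if not locs:
                problems.append(f"{prefix}.locations missing")
            for k, loc in enumerate(locs):
                art = loc.get("physicalLocation", {}).get("artifactLocation", {})
                if "uri" not in art:
                    problems.append(f"{prefix}.locations[{k}] has no artifactLocation.uri")
    return problems


def write_sarif(findings, path):
    """Serialize findings to a SARIF file at path and return the check results."""
    log = to_sarif(findings)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(log, fh, indent=2)
    return check_sarif(log)


if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS), indent=2))
```

In a workflow, the scanner step writes the file and a following step runs github/codeql-action/upload-sarif with sarif_file pointing at it; code scanning then attaches each result to the pull request at the uri and startLine given. Running check_sarif first catches the omissions (a result with no message text, a ruleId that no rule declares) that otherwise only surface as an upload error after the job has already run.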

Productivity, Security, and Quality

What does this SARIF functionality mean in the grand scheme of it all? It puts static analysis results in front of developers at the pull request, before code is merged, instead of in a separate tool or a later QA stage. Finding a defect while the change is still open is cheaper to fix than finding it after release, which is where the productivity gain comes from.

Whether a team uses CodeScan's Scanner or GitHub's CodeQL, its static analysis results arrive in SARIF format and are shown on the GitHub platform, so the feedback loop no longer runs through a separate QA cycle. Visibility at this early stage of coding is what the shift-left trend means in practice. As companies ship faster and move to agile methods, they look for ways to raise productivity and produce cleaner code while removing bottlenecks from their pipelines; SARIF compatibility on GitHub gives developers a direct way to do that.
