ShiftLeft Scan ❤️ GitHub

ShiftLeft Scan integrates with GitHub Code Scanning
ShiftLeft Scan ❤️ GitHub

It gives us great pleasure to announce that ShiftLeft Scan is now natively integrated with GitHub Code Scanning to help developers and teams keep their applications secure without slowing down their productivity. Scan can be effortlessly added to the GitHub action workflow and configured as per the needs. Keeping with our mission to secure every single code and pull request, Scan is available for free for all GitHub users —both as a standalone GitHub action and integrated with Code Scanning.

ShiftLeft scan is now available on code scanning marketplace

To register, go to security tab on a repository and follow the steps to register for code and secret scanning as shown:

GitHub code scanning registration for ShiftLeft Scan

Supported features

With an integrated multi-scanner based design, ShiftLeft Scan can detect various kinds of security flaws in your application and infrastructure code in a single fast scan. The following features are available as alerts that are integrated with the Code Scanning UI.

  • Credentials Scanning to detect accidental secret leaks
  • Static Analysis Security Testing (SAST) for a range of languages and frameworks

Scan can also perform dependency and license audits. These results are only available in the build logs for now.

In addition, pull request scans would automatically show up as a check.

PR check
ShiftLeft Scan as a Pull Request check

Viewing alerts

Navigate to the Security tab in your repository and select Code scanning alerts. All the ShiftLeft analyzers will be shown on the sidebar.

My personal favorite feature in this integration is the ability to manage and act on the findings from within GitHub itself. There is also support for viewing the history of a vulnerability to identify when it was first detected.

Closing thoughts

We believe Code scanning integration is the beginning of a long and valuable partnership with GitHub. Like this integration, we have other CI and Cloud integration either in place or in the works. For any further requests or questions, please do not hesitate to reach out to us.

ShiftLeft Scan ❤️ GitHub was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog – Medium authored by Prabhu Subramanian. Read the original post at:—-86a4f941c7da—4