We are pleased to announce that ShiftLeft Scan is now natively integrated with GitHub Code Scanning, helping developers and teams keep their applications secure without slowing down their work. Scan can be added to a GitHub Actions workflow with a few lines of YAML and configured to suit the repository. In keeping with our mission to secure every codebase and every pull request, Scan is free for all GitHub users, both as a standalone GitHub Action and as a Code Scanning integration.
To enable it, open the Security tab of your repository and follow the steps to turn on code and secret scanning, shown in the screenshot:
With its multi-scanner design, ShiftLeft Scan detects many kinds of security flaws in application and infrastructure code in a single fast scan. The following findings are surfaced as alerts in the Code Scanning UI:
- Credentials scanning to detect accidentally committed secrets
- Static Application Security Testing (SAST) for a range of languages and frameworks
Scan can also perform dependency and license audits. Those results are currently available only in the build logs, not as Code Scanning alerts.
In addition, scans triggered by a pull request automatically show up as a check on that pull request.
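The workflow that wires all of this together looks like the following. This is an added example, not a snippet from the original post: the action reference, the `type` and `output` inputs, and the `WORKSPACE`/`GITHUB_TOKEN` environment variables are taken from the scan-action project's documentation at the time of writing and are assumptions here; check the action's current README before copying. The scanner list (`credscan,python,depscan`) is just one possible selection.

```yaml
# .github/workflows/shiftleft-scan.yml (added example; names assumed, see lead-in)
name: ShiftLeft Scan

# Run on pushes to main and on every pull request, so findings appear
# both as Code Scanning alerts and as a PR check.
on:
  push:
    branches: [main]
  pull_request:

# Least-privilege token: the job only needs to read the repo and write
# to the code-scanning alerts API (required by upload-sarif).
permissions:
  contents: read
  security-events: write

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@v3

      - name: Perform ShiftLeft Scan
        # Assumed action reference; pin to a commit SHA rather than a branch
        # for production use (see the note below).
        uses: ShiftLeftSecurity/scan-action@master
        env:
          WORKSPACE: ""
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # credscan: secret leaks, python: SAST for a Python repo,
          # depscan: dependency/license audit (results stay in the build log)
          type: "credscan,python,depscan"
          output: reports

      - name: Upload SARIF to GitHub Code Scanning
        # Scan writes SARIF files into the "reports" directory; upload-sarif
        # turns them into alerts in the Security tab.
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: reports
```

Two practical notes. First, `@master` is a moving target: a compromised or simply changed upstream branch runs arbitrary code in your CI with your `GITHUB_TOKEN`, so pin third-party actions to a full commit SHA and bump deliberately. Second, the `permissions` block is worth keeping even though the default token would also work; `security-events: write` is the only elevated scope the upload step needs, and nothing else in the job should have it.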
Navigate to the Security tab in your repository and select Code scanning alerts. All the ShiftLeft analyzers will be shown on the sidebar.
My personal favorite feature of this integration is the ability to triage and act on findings from within GitHub itself. There is also support for viewing the history of a finding, so you can identify when it was first detected and whether it has been dismissed before.
We believe the Code Scanning integration is the beginning of a long and valuable partnership with GitHub. Alongside it, we have other CI and cloud integrations either in place or in the works. For any further requests or questions, please do not hesitate to reach out to us.
*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog – Medium authored by Prabhu Subramanian. Read the original post at: https://blog.shiftleft.io/shiftleft-scan-%EF%B8%8F-github-3d06b13a4e9c?source=rss—-86a4f941c7da—4