GitHub Code Scanning Reviews

Primarily, I am using GitHub itself. I use So mostly when we write the code itself, with unit tests that we write. In order to check the total code coverage, we use Sonar. That is one of the functionalities.

Other similar products I have not actually used. CodeQL is the only feature that I have used.

Within one day, I did everything. I created the repository, GitHub Code Scanning itself, and the AI agents for creating the dashboards and also creating multiple kinds of dashboards that I have used.

I have been using Git for approximately 13-14 years. I have used GitHub Code Scanning for about three to four years.

The primary purpose is to identify any vulnerability in the code itself.

The system logs vulnerabilities that we can immediately examine to see all the error-prone areas. The AI functionalities include predefined agents that scan through and immediately provide responses regarding the best nomenclature or code coverage percentage.

It's actually a one-time setup, and the team benefits as long as they push code and changes in the repository itself. Every time we push something, we immediately check the total deviation, whether our code coverage has improved, or if any vulnerability has been identified. There is always a metrics dashboard that we can see and identify.

Primarily, GitHub is used for doing the versioning itself in the repository. With vulnerability functionality being provided and AI agents available, it makes a complete package.

As soon as we publish our code, we immediately get to know the test code coverage. This immediately informs us about all the vulnerable areas which are not being fully tested. If we address those areas, most vulnerabilities are resolved. Even after tests are added, if by any chance the test is not treated cleanly or corner cases are missed, GitHub Code Scanning immediately flags those corners.

It's always beneficial to have because it's not humanly possible to check all corner case scenarios, but as a system where they diagnose each line item, that's very helpful.

We are using GitHub Code Scanning predominantly for static code analysis to identify vulnerabilities, such as OWASP vulnerabilities. Before the code goes into production, as soon as the developer checks in, our static code analysis runs to validate the code. We have compliance metrics to ensure no vulnerabilities or code leaks occur.

GitHub Actions provides extensive options to manage code repositories well. We use it extensively for code reviews, Git branching, and internal code repository integrations. The static code analysis capability in GitHub Code Scanning is a very powerful feature, providing the ability to identify vulnerabilities and ensure code quality.

We were using GitHub Code Scanning for code coverage and to look for obvious logical errors in the code instead of just syntax errors. It was part of a complex pipeline for overseeing code quality efforts, utilizing tools such as Spectral for scanning code repositories. We were not specifically scanning for viruses. The code scanning was employed in various stages for development and production coding efforts.

GitHub Code Spaces brings significant value with its simplicity and ease of use. It eliminates a lot of manual work that typically accompanies custom solutions, making management and maintenance more straightforward. This is crucial, as maintaining custom environments is usually more challenging. Using GitHub Code Spaces offers advantages in setting up the development environment due to its integrated features. The code review automation feature has accelerated our processes around code quality. It helps developers write better code faster and allows for quicker transitions between development stages. All actions, such as scanning, linting, and moving code between stages, have become more agile and efficient.

We use GitHub Code Scanning mostly for source code management.

GitHub Code Scanning should add more templates.

The tool helps to know which ports are allowed and which are not. It traverses the entire network, scanning every system to determine which ports are open. As per compliance policy, specific ports prone to attack should not be open.

The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests.