Senior Engineering Manager at a logistics company with 10,001+ employees
Real User
Top 20
2025-04-24T14:53:38Z
Apr 24, 2025
We are using GitHub Code Scanning predominantly for static code analysis to identify vulnerabilities, such as OWASP vulnerabilities. Before the code goes into production, as soon as the developer checks in, our static code analysis runs to validate the code. We have compliance metrics to ensure no vulnerabilities or code leaks occur.
Solution Architect at a newspaper with 11-50 employees
Real User
Top 20
2025-03-13T14:03:39Z
Mar 13, 2025
We were using GitHub Code Scanning for code coverage and to look for obvious logical errors in the code instead of just syntax errors. It was part of a complex pipeline for overseeing code quality efforts, utilizing tools such as Spectral for scanning code repositories. We were not specifically scanning for viruses. The code scanning was employed in various stages for development and production coding efforts.
The tool helps us know which ports are allowed and which are not. It traverses the entire network, scanning every system to determine which ports are open. As per compliance policy, specific ports prone to attack should not be open.
SAST is a method designed to detect security vulnerabilities within an application's source code. By analyzing the code structure, SAST identifies potential flaws early in the development cycle, promoting secure coding practices and reducing the risk of security issues in production.
Unlike dynamic testing that examines an application during runtime, SAST operates on static code analysis. This early detection capability is crucial as it enables developers to address vulnerabilities before...
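To make the description above concrete, here is a small added example of how static analysis inspects code structure rather than running it. It is not GitHub Code Scanning's own code and not from any reviewer on this page; it walks Python source with the standard `ast` module and reports three constructed rule patterns (string-built SQL passed to `execute`, `subprocess` calls with `shell=True`, and `eval`/`exec` on non-literal input). The rule names, the `scan_source` function and the `SAMPLE` snippet are assumptions made for illustration.

```python
"""Minimal AST-based static analysis in the spirit of SAST.

Added example: not part of the original page and not GitHub Code Scanning's
own implementation. Rule names and the sample source below are constructed.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name such as 'subprocess.run', 'cursor.execute' or 'eval'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


class _Visitor(ast.NodeVisitor):
    """Visits every call expression and applies the three constructed rules."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node)

        # Rule 1 (constructed): eval/exec applied to anything but a literal string.
        if name in ("eval", "exec") and node.args and not isinstance(node.args[0], ast.Constant):
            self.findings.append(Finding("DYNAMIC_EVAL", node.lineno,
                                         f"{name}() called on non-literal input"))

        # Rule 2 (constructed): any subprocess.* call that passes shell=True.
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding("SHELL_TRUE", node.lineno,
                                                 f"{name}() invoked with shell=True"))

        # Rule 3 (constructed): .execute() whose first argument is assembled at runtime
        # (concatenation, f-string or str.format) instead of a constant, parameterized query.
        if name.endswith(".execute") and node.args:
            query = node.args[0]
            built_at_runtime = isinstance(query, (ast.JoinedStr, ast.BinOp)) or (
                isinstance(query, ast.Call)
                and isinstance(query.func, ast.Attribute)
                and query.func.attr == "format"
            )
            if built_at_runtime:
                self.findings.append(Finding("SQL_CONCAT", node.lineno,
                                             "SQL query assembled from non-constant pieces"))

        # Keep descending so nested calls (e.g. inside arguments) are also checked.
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Parse `source` without executing it and return findings ordered by line."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample input: a small handler with three risky lines and two safe ones.
SAMPLE = '''\
import subprocess
def handler(request, cursor):
    user = request.args["user"]
    cursor.execute("SELECT * FROM users WHERE name = '" + user + "'")   # line 4: flagged
    subprocess.run("ls " + user, shell=True)                            # line 5: flagged
    result = eval(request.args["expr"])                                 # line 6: flagged
    cursor.execute("SELECT 1")                                          # line 7: constant, fine
    cursor.execute("SELECT * FROM users WHERE name = %s", (user,))      # line 8: parameterized, fine
    return result
'''


if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(f"{finding.rule:13} line {finding.line}: {finding.message}")
```

Running the module prints one line per finding (lines 4, 5 and 6 of the sample) and nothing for the constant and parameterized queries, which is the point of the "early detection" described above: the flaws are located from the code's structure alone, before anything is deployed or executed.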