- GitHub introduced a new code scanning option named Default Setup, which automatically sets up code scanning without using a .yaml file.
- The new feature makes it easier for developers to scan code in Python, JavaScript, and Ruby repositories.
- It gives developers insights that help them find and fix vulnerabilities quickly without disrupting their workflow.
GitHub has announced the launch of Default Setup, a new way to automatically set up code scanning on a repository without using a .yaml file. The feature is currently only available for Python, JavaScript, and Ruby repositories, but the company plans to expand it to more programming languages over the next six months. It allows developers to enable code scanning with a few clicks instead of writing a .yaml file.
Streamline code scanning setup
Users who enable the feature immediately start getting insights from code scanning, enabling them to find and fix vulnerabilities. To enable it, navigate to “Code security and analysis” under the “Security” heading in the “Settings” tab of the repository. The new feature is activated from the new code scanning setup toolbox.
The “Set up” button presents two options: “Default,” which automatically sets up code scanning without a .yaml file, and “Advanced,” which lets users customize their code scanning setup with a .yaml file. The “Default” option is grayed out for repositories that do not support the default setup.
Clicking “Default” shows a tailored configuration summary based on the contents of the repository, including the languages detected, the query packs that will be used, and the events that will trigger scans. These options will become customizable in the future. Clicking “Enable CodeQL” then runs code scanning automatically.
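For comparison with the “Advanced” path, the following is an added example, not taken from GitHub's announcement, of the kind of CodeQL workflow .yaml that Default Setup spares you from writing: it declares explicitly the three things the configuration summary lists (languages, query pack, and triggering events). The branch name, schedule, and choice of query suite are assumptions for illustration.

```yaml
name: "CodeQL"

on:
  push:
    branches: [ "main" ]          # assumed default branch
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: "30 4 * * 1"          # assumed weekly scan, Mondays 04:30 UTC

permissions:
  contents: read                  # least privilege: the job only reads the checkout
  security-events: write          # required to upload results to code scanning
  actions: read                   # only needed for private repositories

jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false            # keep scanning other languages if one fails
      matrix:
        language: [ "python", "javascript", "ruby" ]   # the three languages Default Setup supports today
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended        # assumed query suite; Default Setup picks the pack for you
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Default Setup derives the language list from the repository contents and chooses the triggers and query pack itself, so none of the values above have to be maintained by hand.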