GitHub launches a joint project to identify vulnerabilities in open-source software

GitHub has announced the GitHub Security Lab initiative, intended to organise collaboration between security experts from different companies and organisations in order to identify vulnerabilities in the code of open-source projects and help eliminate them.

All interested companies and individual computer-security specialists are invited to join the initiative. For identified vulnerabilities a reward of up to $3000 is offered, depending on the severity of the problem and the quality of the report. Problem reports are expected to be submitted using the CodeQL toolkit, which lets you build a template of the vulnerable code and use it to check for the same vulnerability in the code of other projects (CodeQL performs semantic analysis of code and lets you write queries that search for particular constructs).

Security researchers from F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMWare have already joined the initiative; over the past two years they have identified and helped fix 105 vulnerabilities in projects such as Chromium, libssh2, the Linux kernel, Memcached, UBoot, VLC, Apport, HHVM, Exiv2, FFmpeg, Fizz, libav, Ansible, npm, XNU, Ghostscript, Icecast, Apache Struts, strongSwan, Apache Ignite, rsyslog, Apache Geode and Hadoop.

GitHub's proposed code security lifecycle works as follows: GitHub Security Lab members identify vulnerabilities, which are then passed to the maintainers and developers, who prepare fixes, coordinate disclosure of the problem, and notify dependent projects so that they install the version with the vulnerability removed. The database will also hold CodeQL templates that prevent the fixed problems from reappearing in code hosted on GitHub.


Through the GitHub interface you can now obtain a CVE identifier for an identified problem and prepare a report, and GitHub itself will send out the necessary notifications and organise a coordinated fix. Moreover, once the problem is fixed, GitHub will automatically send pull requests to update the dependencies affected by it.

GitHub has also added a vulnerability database, the GitHub Advisory Database, which publishes information about vulnerabilities affecting projects on GitHub, together with data for tracking the affected packages and repositories. CVE identifiers mentioned in comments on GitHub now link automatically to the detailed entry for that vulnerability in the database. A separate API is provided for automating work with the database.

An update to the service that protects public repositories against leaks of sensitive data, such as authentication tokens and access keys, has also been announced. At commit time, the scanner checks for the typical key and token formats used by 20 cloud providers and services, including the Alibaba Cloud API, Amazon Web Services (AWS), Azure, Google Cloud, Slack and Stripe. If a token is found, a request is sent to the provider to confirm the leak and revoke the compromised tokens. As of yesterday, in addition to the previously supported formats, detection of GoCardless, HashiCorp, Postman and Tencent tokens has been added.
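As an added illustration of the commit-time check described above (example code written for this page, not GitHub's scanner, whose detection rules are not on the page), the following Python script walks the added lines of a unified diff and flags strings shaped like AWS access key IDs and Slack tokens, two of the formats named in the article; the regular expressions, the constructed sample diff and the function names are assumptions.

```python
import re
# Illustrative patterns for two token families the article names. The AWS access key
# ID shape ("AKIA" + 16 upper-case alphanumerics) and the Slack prefix ("xox" + type
# letter + "-") are publicly documented; GitHub's own rules are not on the page.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b"),
}

# Constructed sample diff: the kind of change a commit-time scanner inspects.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SLACK_TOKEN = "xoxb-123456789012-abcdefghijklmnop"
-OLD_SETTING = 1
 TIMEOUT = 30
"""

def added_lines(diff):
    """Return (new-file line number, text) for every line a unified diff adds."""
    out, new_no, in_hunk = [], 0, False
    for raw in diff.splitlines():
        header = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
        if header:
            new_no, in_hunk = int(header.group(1)), True
        elif not in_hunk or raw.startswith(("-", "\\")):
            continue  # file headers, removed lines and "\ No newline" markers
        elif raw.startswith("+"):
            out.append((new_no, raw[1:]))
            new_no += 1
        else:
            new_no += 1  # unchanged context line still advances the new-file count
    return out

def redact(token):
    return token[:4] + "..." + token[-4:]  # report a finding without re-leaking it

def scan_diff(diff):
    """Return (pattern name, line number, redacted token) for each match in added lines."""
    findings = []
    for line_no, text in added_lines(diff):
        for name, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(text):
                findings.append((name, line_no, redact(match.group(0))))
    return findings
```

A pre-commit or pre-receive hook would run scan_diff over the pushed diff and reject the commit when the returned list is non-empty; the provider notification and revocation step the article describes happens outside the hook.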

Source: opennet.ru
