GitHub launches project to identify vulnerabilities in open source software

GitHub has announced the GitHub Security Lab initiative, which aims to organize collaboration among security experts from various companies and organizations to identify vulnerabilities and help eliminate them in the code of open source projects.

All interested companies and computer security specialists are invited to join the initiative. A reward of up to $3000 is paid for identifying a vulnerability, depending on the severity of the problem and the quality of the report. The suggested tool for submitting problem information is CodeQL, which lets you create a template of the vulnerable code to detect the presence of a similar vulnerability in the code of other projects (CodeQL makes it possible to analyze code and to write queries that search for particular constructs).

Security researchers from F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMWare have, over the past two years, identified and helped fix 105 problems in projects such as Chromium, libssh2, the Linux kernel, Memcached, UBoot, VLC, Apport, HHVM, Exiv2, FFmpeg, Fizz, libav, Ansible, npm, XNU, Ghostscript, Icecast, Apache Struts, strongSwan, Apache Ignite, rsyslog, Apache Geode and Hadoop.

The code security lifecycle proposed by GitHub has members of GitHub Security Lab identify vulnerabilities, which are then reported to maintainers and developers, who develop fixes, coordinate when to disclose the issue, and notify dependent projects so that they install the version in which the vulnerability is removed. The database will contain CodeQL templates to prevent fixed problems from reappearing in code hosted on GitHub.


Through the GitHub interface you can now obtain a CVE identifier for an identified problem and prepare a report, and GitHub itself will send out the necessary notifications and organize a coordinated fix. In addition, once the problem is fixed, GitHub will automatically submit pull requests to update the dependencies associated with the affected project.

GitHub has also added a vulnerability catalog, the GitHub database, which publishes information about vulnerabilities affecting projects on GitHub and information for tracking affected packages and repositories. CVE identifiers mentioned in comments on GitHub now link automatically to detailed information about the vulnerability in the database. A separate API is available for working with the database.

An update was also reported to the service that protects against sensitive data, such as authentication tokens and access keys, ending up in publicly accessible repositories. When a commit is made, a scanner checks for the key and token formats used by 20 cloud providers and services, including Alibaba Cloud API, Amazon Web Services (AWS), Azure, Google Cloud, Slack and Stripe. If a token is detected, a request is sent to the service provider to confirm the leak and revoke the compromised tokens. As of yesterday, in addition to the previously supported formats, support has been added for identifying GoCardless, HashiCorp, Postman and Tencent tokens.

Source: opennet.ru
