GitHub launched a joint project to identify vulnerabilities in open source software

GitHub has announced the GitHub Security Lab initiative, which aims to organize collaboration between security experts from different companies and organizations to identify vulnerabilities in the code of open source projects and help eliminate them.

All interested companies and individual computer security specialists are invited to join the initiative. A reward of up to $3000 is offered for identifying a vulnerability, depending on the severity of the problem and the quality of the report. The suggested way to submit information about a problem is the CodeQL toolkit, which lets you build a template of the vulnerable code in order to detect similar vulnerabilities in the code of other projects (CodeQL makes it possible to perform semantic analysis of code and to write queries that search for specific constructs).

Security researchers from F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMWare have, over the past two years, identified and helped fix 105 vulnerabilities in projects such as Chromium, libssh2, Linux kernel, Memcached, UBoot, VLC, Apport, HHVM, Exiv2, FFmpeg, Fizz, libav, Ansible, npm, XNU, Ghostscript, Icecast, Apache Struts, strongSwan, Apache Ignite, Apache Geode and Hadoop.

The code security lifecycle proposed by GitHub has GitHub Security Lab members identify vulnerabilities, which are then passed to maintainers and developers, who develop fixes, coordinate the timing of disclosure, and notify dependent projects that they need to install the fixed version. The database will contain CodeQL templates to prevent resolved problems from reappearing in code hosted on GitHub.


Through the GitHub interface you can now obtain a CVE identifier for an identified problem and prepare a report, and GitHub itself will send the necessary notifications and organize a coordinated fix. In addition, once the issue is resolved, GitHub will automatically submit pull requests to update the dependencies associated with the affected project.

GitHub has added a vulnerability catalogue, the GitHub Advisory Database, which publishes information about vulnerabilities affecting projects on GitHub, together with information for tracking affected packages and repositories. CVE identifiers mentioned in comments on GitHub now link automatically to detailed information about the vulnerability in the database. To automate work with the database, there is a separate API.

An update was also reported to the service that protects against sensitive data, such as authentication tokens and access keys, ending up in publicly accessible repositories. During a commit, the scanner checks for the typical key and token formats used by 20 cloud providers and services, including Alibaba Cloud API, Amazon Web Services (AWS), Azure, Google Cloud, Slack and Stripe. If a token is identified, a request is sent to the service provider to confirm the leak and revoke the compromised tokens. As of yesterday, in addition to the previously supported formats, support for detecting GoCardless, HashiCorp, Postman and Tencent tokens has been added.
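The commit-time check described above, as an added example (not GitHub's scanner and not part of the original article): it scans only the lines a commit adds for token-shaped strings and reports them redacted, so the finding does not leak the secret a second time. The three regular expressions are assumed, simplified shapes for AWS, Slack and Stripe tokens, and the sample diff is constructed.

```python
import re

# Assumed, simplified token shapes based on publicly known prefixes.
# Illustrative only; these are not the patterns GitHub's service uses.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}"),
    "stripe_live_secret_key": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}"),
}
# Hunk header of a git-style unified diff; group 1 is the first new-file line.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def redact(token):
    """Keep an 8-character prefix so the report identifies the token type only."""
    return token[:8] + "*" * (len(token) - 8)


def scan_diff(diff_text):
    """Return (path, line, kind, redacted) for tokens on lines a commit adds."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):            # new-file header
            path = re.sub(r"^b/", "", line[4:])
        elif (m := HUNK_RE.match(line)):
            lineno = int(m.group(1)) - 1
        elif line.startswith("+"):             # added line: scan it
            lineno += 1
            for kind, rx in TOKEN_PATTERNS.items():
                for hit in rx.finditer(line[1:]):
                    findings.append((path, lineno, kind, redact(hit.group())))
        elif line.startswith(" "):             # context line: only count it
            lineno += 1
        # removed ("-") lines are skipped: the commit does not introduce them
    return findings


# Constructed sample commit. The key values are fake: AWS's documented
# example key ID and a Stripe-shaped string of filler zeros.
SAMPLE_DIFF = "\n".join([
    "--- a/deploy/settings.py",
    "+++ b/deploy/settings.py",
    "@@ -10,3 +10,4 @@",
    " DEBUG = False",
    '-AWS_KEY = os.environ["AWS_KEY"]',
    '+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',
    '+STRIPE_KEY = "sk_live_' + "0" * 24 + '"',
    " TIMEOUT = 30",
])

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
```

The `kind` field is what a real service would use to decide which provider to notify for confirmation and revocation; a pattern match alone does not prove the token is live.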

Source: opennet.ru
