Swift support brings broader mobile application security to GitHub Advanced Security

Mobile applications have become a fundamental part of everyday life, shaping how we work, communicate, and entertain ourselves. We rely on mobile applications for their convenience, ease of use, and ability to provide access to a wide range of services and information on the go. At GitHub, we want to ensure we’re bringing code to you, wherever you are. That’s why we’ve made a number of investments in mobile so that developers can build from anywhere, giving them ways to manage their projects, help secure their code, and connect with communities, all on the go.

According to a , the number of mobile app downloads worldwide was 255 billion in 2022. It’s never been more essential to ensure that your mobile applications are secure and that your users’ data remains private.

Today, we’re highlighting two exciting releases, aimed at providing developers new ways to secure their mobile applications built on GitHub. The first is the launch of the public beta of Swift support in code scanning, which will allow users to scan Swift repositories for potential vulnerabilities. The second is upcoming support for Swift security advisories, allowing Dependabot to alert you about vulnerable Swift dependencies in the dependency graph.

Mobile language support in code scanning

In November, we announced Kotlin support in code scanning. Since then, developers have fixed over 6,000 Kotlin alerts! Having both Kotlin and Swift support is crucial for CodeQL, the engine that powers GitHub code scanning, due to the growing popularity and adoption of these programming languages. Kotlin and Swift are widely used in mobile app development, particularly for the Android and iOS platforms. By offering support for Kotlin and Swift, code scanning can effectively analyze and detect security vulnerabilities and potential threats specific to these languages.

For Swift, this includes identifying issues such as path injections, unsafe web view fetches, numerous cryptographic misuses, and other types of unsafe evaluation or processing of unsanitized user data. This ensures that developers can proactively identify and address security issues during the development process with our developer-friendly alerts, enhancing the overall security posture of their applications. During our public beta, we’ll gradually increase our coverage of distinct weaknesses.
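To make the first weakness class concrete, here is an added Swift example (not code from the GitHub post or from CodeQL) of the path-injection pattern described above, with a hardened variant beside it. The allowed root directory, the function names and the sample inputs are all constructed for this illustration; the hardened version rejects traversal sequences and absolute paths up front, then re-checks the resolved path against the root on a component-by-component basis so that a sibling directory with a matching prefix is not mistaken for a child.

```swift
import Foundation

// Base directory the app is allowed to read from (constructed for this example).
let allowedRoot = URL(fileURLWithPath: "/var/app/public", isDirectory: true).standardizedFileURL

// Vulnerable: the caller-supplied name is appended without validation, so a value
// containing ".." components escapes allowedRoot. This is the path-injection
// pattern that code scanning reports.
func readFileUnsafe(named userInput: String) -> Data? {
    let path = allowedRoot.appendingPathComponent(userInput)
    return FileManager.default.contents(atPath: path.path)
}

// Hardened: validate the input, resolve the final path, and verify that it still
// lies under allowedRoot before touching the filesystem.
func resolveSafely(_ userInput: String) -> URL? {
    // Reject absolute paths and any traversal component outright.
    if userInput.hasPrefix("/") || userInput.split(separator: "/").contains("..") {
        return nil
    }
    let candidate = allowedRoot.appendingPathComponent(userInput).standardizedFileURL

    // Compare path components rather than string prefixes, so that
    // "/var/app/public-other" is not accepted as a child of "/var/app/public".
    let rootComponents = allowedRoot.pathComponents
    let candidateComponents = candidate.pathComponents
    guard candidateComponents.count >= rootComponents.count,
          Array(candidateComponents.prefix(rootComponents.count)) == rootComponents else {
        return nil
    }
    return candidate
}

func readFileSafely(named userInput: String) -> Data? {
    guard let url = resolveSafely(userInput) else { return nil }
    return FileManager.default.contents(atPath: url.path)
}

// Constructed inputs exercising the check.
print(resolveSafely("images/logo.png")?.path ?? "rejected")   // accepted, stays under the root
print(resolveSafely("../../etc/passwd")?.path ?? "rejected")  // rejected
print(resolveSafely("/etc/passwd")?.path ?? "rejected")       // rejected
```

The component comparison is the part worth keeping even when a simpler prefix check looks sufficient: string-prefix tests on paths are a common source of bypasses, and a scanner will typically keep flagging the sink until the resolved path is provably contained in the allowed root.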

Swift joins our list of supported languages (C/C++, Java/Kotlin, JS/TS, Python, Ruby, C#, and Go), which means you can run nearly 400 checks on your code, all while keeping false positive rates low and precision high.

Looking ahead

On the supply chain security side, we’re also adding Swift as a supported ecosystem, with Swift security advisories supported and curated in the GitHub Advisory Database and Swift dependencies added to the dependency graph later in June. This means that Dependabot will soon alert you about vulnerable dependencies in your Swift projects and open pull requests with the suggested fix.

Swift and Kotlin Bug Bounty

With support for Swift and Kotlin in code scanning in public beta, the GitHub Security Lab has opened the CodeQL Bug Bounty program for software security researchers to submit CodeQL queries to test open source projects written in Swift and Kotlin.

The GitHub Security Lab’s CodeQL Bug Bounty program aims to scale the security research community’s work across open source projects. This program offers researchers the opportunity to write a CodeQL query that not only finds existing bugs at scale in open source, but also supports developers in preventing future bugs in open source projects.

To support the beta testing of these mobile languages, the GitHub Security Lab will provide a specific bonus for CodeQL query submissions for Swift and Kotlin from now through December 1, 2023. The first 10 submissions that score High or Critical will get an additional reward of up to $2,000. Learn more about this specific bonus in the program’s FAQ.

Learn more about GitHub security solutions

GitHub is committed to helping build safer and more secure software without compromising on the developer experience. To learn more or to enable GitHub’s security features in your repositories, check out the documentation.