Home / Companies / GitHub / Blog / Post Details
Content Deep Dive

Announcing third-party code scanning tools: infrastructure as code and container scanning

Blog post from GitHub

Post Details
Company
Date Published
Author
Jose Palafox
Word Count
946
Company Posts That Month
37
Language
English
Hacker News Points
-
Post removed?
No
Summary

GitHub has recently launched code scanning out of beta and expanded its security ecosystem by integrating with static analysis and developer security training solutions, allowing developers to use their preferred tools within the GitHub platform. The new integrations connect the developer workflow with security reviews through GitHub Actions and Apps, supporting Static Analysis Results Interchange Format (SARIF) and enabling container, standards, and configuration scanning for infrastructure as code. These additions aim to embed security into the software development lifecycle, aligning with DevSecOps and "shifting left" practices. The GitHub Marketplace now offers integrations with third-party tools like 42Crunch, Accurics, Bridgecrew, Snyk, Aqua Security, and Anchore, providing comprehensive solutions for API security testing, cloud security, and container scanning. These platforms enhance security by automating the detection and resolution of vulnerabilities, integrating seamlessly into developer workflows to maintain a secure posture from development to deployment.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Kubernetes 3 1,098 141 44 +14%
Serverless 1 676 96 39 +26%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.