Announcing third-party code scanning tools: infrastructure as code and container scanning
Blog post from GitHub
GitHub has recently moved code scanning out of beta and expanded its security ecosystem by integrating with static analysis and developer security training solutions, allowing developers to use their preferred tools within the GitHub platform. The new integrations connect the developer workflow with security reviews through GitHub Actions and Apps: they support the Static Analysis Results Interchange Format (SARIF), so third-party results appear as code scanning alerts, and they enable container, standards, and configuration scanning for infrastructure as code. These additions aim to embed security into the software development lifecycle, in line with DevSecOps and "shifting left" practices. The GitHub Marketplace now offers integrations with third-party tools such as 42Crunch, Accurics, Bridgecrew, Snyk, Aqua Security, and Anchore, covering API security testing, cloud security, and container scanning. These platforms automate the detection and resolution of vulnerabilities and integrate into existing developer workflows, helping teams maintain a secure posture from development through deployment.
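As an added illustration of the SARIF hand-off the post describes (example code written for this page, not GitHub's or any vendor's): a toy Dockerfile check that emits its findings in SARIF 2.1.0, the format a GitHub Actions workflow then passes to the code scanning upload step. The rule ids, tool name and sample Dockerfile are constructed for the example.

```python
"""Minimal container-config check that emits SARIF 2.1.0 for GitHub code scanning."""
import json
# Constructed sample Dockerfile (not from the original post): no USER instruction,
# and the base image is pinned only to the floating ':latest' tag.
SAMPLE_DOCKERFILE = """FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl
COPY app /opt/app
CMD ["/opt/app/run"]
"""
# Hypothetical rule ids; real scanners ship their own rule sets.
RULES = {
    "DKR001": "Base image uses the floating ':latest' tag; pin a version or digest.",
    "DKR002": "No USER instruction; the container runs as root by default.",
}

def check_dockerfile(text):
    """Return (rule_id, line_number) findings for one Dockerfile."""
    findings, has_user = [], False
    for n, line in enumerate(text.splitlines(), start=1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        if instr == "FROM" and len(parts) > 1 and parts[1].endswith(":latest"):
            findings.append(("DKR001", n))
        if instr == "USER":
            has_user = True
    if not has_user:
        findings.append(("DKR002", 1))  # whole-file finding, anchored at line 1
    return findings

def to_sarif(findings, uri, tool_name="example-iac-scanner"):
    """Wrap findings in the SARIF 2.1.0 layout that code scanning ingests."""
    rules = [{"id": r, "shortDescription": {"text": RULES[r]}} for r in RULES]
    results = [{
        "ruleId": rule_id,
        "level": "warning",
        "message": {"text": RULES[rule_id]},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": uri},
            "region": {"startLine": line}}}],
    } for rule_id, line in findings]
    return {"version": "2.1.0",
            "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": rules}},
                      "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(check_dockerfile(SAMPLE_DOCKERFILE), "Dockerfile"), indent=2))
```

The JSON it prints is the shape a workflow step such as github/codeql-action/upload-sarif consumes to turn scanner findings into code scanning alerts.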