GitHub today launched the GitHub Security Lab, an ongoing effort to protect open source code projects. The GitHub Security Lab is aimed at bringing together security researchers from partner organizations like Google, Microsoft, Mozilla, Oracle, Uber, and HackerOne.
Many open source projects form an underlying infrastructure for modern software such as programming languages like Ruby and Python, machine learning frameworks like , and for containerless apps and , the most popular open source repository on GitHub.
To power the GitHub Security Lab, GitHub is open-sourcing , software from Semmle, a company it . Semmle security software is used by companies like Google, Microsoft, and NASA. GitHub says it’s used the CodeQL semantic code analysis engine to find more than 100 vulnerabilities in popular open source projects with custom