How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning
By applying machine learning to its rule-based security code scanning, GitHub hopes to extend coverage to less common vulnerability patterns by automatically inferring new rules from the existing ones. GitHub Code Scanning uses carefully defined CodeQL analysis rules to identify potential security vulnerabilities lurking in source code. Writing those rules by hand requires security experts to analyze existing libraries, as well as private code, to identify known vulnerability patterns; given the sheer number of libraries in use, this is clearly a daunting task, and a rule only catches the patterns its author thought to encode. Machine learning could help with that, says GitHub, by making it possible to train a model to recognize vulnerable code from a large number of samples, such as the examples the existing rules already flag, and so generalize to patterns no hand-written rule covers yet.